Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ubiquiti Networks AirOS 命令注入漏洞
Vulnerability Description
Ubiquiti Networks AirOS是美国优比快(Ubiquiti Networks)公司的一套用于Ubiquiti网络设备的操作系统。 Ubiquiti Networks AirOS v3.6.1/v4.0(802.11产品)和AirOS v5.x版本(AirMax产品)中存在命令注入漏洞。攻击者可利用该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A