Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload
Vulnerability Description
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Ubiquiti产品路径遍历漏洞
Vulnerability Description
Ubiquiti airMAX AC等都是美国优比快(Ubiquiti Networks)公司的产品。Ubiquiti airMAX AC是一款无线接入点设备。airGateway是一款网关设备。 多款Ubiquiti产品中的Web管理接口存在目录遍历漏洞。攻击者可利用该漏洞上传并写入任意文件,获取root权限。以下产品和版本受到影响:Ubiquiti airMAX AC 7.1.3之前版本;airMAX M(包括airRouter)5.6.2 XM/XW/TI之前版本,5.5.11 XM/TI之前版本,
CVSS Information
N/A
Vulnerability Type
N/A