External risk intelligence

Ubiquiti AirOS Command Injection Vulnerability.

CVE advisory | Known Exploit

CVE-2010-5330

Ubiquiti AirOS devices are affected by a command injection vulnerability in the `stainfo.cgi` script. Attackers can exploit this by sending a GET request, potentially leading to unauthorized control of devices. This poses a business risk due to potential system compromise and data manipulation.

4 Halo Surface Signal

Command Injection

Ui Airos

before 4.0.1; 4.0.2 to before 5.3.5; 5.3.6 to before 5.4.5

External exposure likelihood

Halo Surface Signal score for CVE-2010-5330

The vulnerability affects Ubiquiti AirOS devices, which are commonly deployed as internet-facing network edge equipment, wireless bridges, or gateways. The vulnerable component, a CGI script, is part of the device's web management interface, which is frequently exposed to the network to facilitate remote administration and monitoring of infrastructure.

Horizon Alert

Summary of the vulnerability and why it matters

Ubiquiti devices running AirOS are affected by a command injection vulnerability. This flaw exists when an attacker sends a GET request to a specific script on the device. The input is not properly checked, allowing malicious commands to be executed. This could potentially lead to unauthorized access or control of the affected devices.

  • Ubiquiti AirOS devices
  • Unsanitized input in CGI script
  • Unauthorized access and control

Attack Path

How an attacker could exploit the issue

This vulnerability allows for command injection on affected Ubiquiti devices. An attacker can exploit this by sending a specially crafted GET request to the `stainfo.cgi` script. This script does not properly sanitize the `ifname` variable, allowing the attacker to inject shell metacharacters. Successful exploitation could lead to an attacker gaining control over the affected device.

  • Web interface is exposed.
  • Attacker sends a malicious GET request.
  • Command injection results in device control.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability presents a significant risk to organizations utilizing specific Ubiquiti devices running AirOS. Attackers could remotely inject commands, potentially leading to unauthorized access, system compromise, or data manipulation. The severity of this issue, rated as Critical, indicates a high potential for widespread impact. Organizations are advised to prioritize remediation efforts.

  • Likely attacker skill level: Low.
  • Required access or conditions: Network access.
  • Business risk or urgency: High.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Command injection vulnerabilities have been identified in certain Ubiquiti devices, impacting the integrity and availability of affected systems. These vulnerabilities stem from unsanitized variable input within the `stainfo.cgi` script, which can allow unauthorized command execution through specially crafted GET requests. The potential for attackers to gain elevated privileges or execute arbitrary commands poses a significant risk to organizational data and network operations.

  • Find affected Ubiquiti devices.
  • Isolate vulnerable devices from the network.
  • Apply vendor firmware updates and validate.
  • Monitor for anomalous network activity.
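For the monitoring step, the following added example (not vendor or advisory code) flags requests to `stainfo.cgi` whose decoded `ifname` value is not a plain interface name. It assumes HTTP requests to the device are logged in Common Log Format by a proxy or sensor in front of it; the allow-list pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Source address and request target from a Common Log Format line (assumed format).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Allow-list for a plausible interface name (assumption); anything else is suspect.
SAFE_IFNAME = re.compile(r'[A-Za-z0-9_.:-]{1,32}')

def suspicious_ifname_requests(lines):
    """Return (source, decoded ifname) for stainfo.cgi requests failing the allow-list."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed target; not parseable as a URL
        if not url.path.lower().endswith("/stainfo.cgi"):
            continue
        # Split on '&' only and decode afterwards, so raw or percent-encoded
        # metacharacters inside the value are both seen in decoded form.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if unquote_plus(key) != "ifname":
                continue
            value = unquote_plus(raw)
            # fullmatch rejects trailing newlines and any character off the list.
            if not SAFE_IFNAME.fullmatch(value):
                hits.append((m.group("src"), value))
    return hits

# Constructed sample log lines (documentation address ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /stainfo.cgi?ifname=ath0 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /stainfo.cgi?ifname=ath0%3Bexample HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /stainfo.cgi?ifname=ath0|example HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /status.cgi?ifname=x%3By HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for src, value in suspicious_ifname_requests(SAMPLE_LOG):
        print(f"suspicious ifname from {src}: {value!r}")
```

An allow-list is used instead of a list of known metacharacters so that encodings or characters not anticipated in advance are still reported.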

Frequently asked questions

What is Ubiquiti AirOS and what is it used for?

Ubiquiti AirOS is firmware used in various Ubiquiti networking devices. These devices are often employed for building wireless networks, including point-to-point links, wireless access points, and network gateways, commonly found at the edge of networks.

What is the nature of the CVE-2010-5330 vulnerability?

CVE-2010-5330 is a command injection vulnerability. This weakness occurs because a script named `stainfo.cgi` does not properly sanitize user-supplied input in the `ifname` variable, allowing attackers to inject shell commands.

How can an attacker exploit CVE-2010-5330?

An attacker can exploit this vulnerability by sending a specially crafted GET request to the `stainfo.cgi` script. This request needs to contain shell metacharacters in the `ifname` parameter to inject and execute commands, potentially leading to device control.

Who should be concerned about this vulnerability based on network exposure?

Organizations should be concerned if they use Ubiquiti devices running AirOS that are exposed to the network. This includes devices acting as internet-facing equipment, wireless bridges, or gateways, as the vulnerability is accessible via the device's web management interface.

What is the first step for managing this risk?

The first step is to identify which Ubiquiti devices are running affected versions of AirOS. Following identification, it is recommended to apply the firmware updates provided by Ubiquiti for the specific product line to remediate the vulnerability.
