vulnerability
Ubiquiti AirOS: CVE-2010-5330: Improper Neutralization of Special Elements used in a Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:P/I:C/A:C) | Jun 11, 2019 | Aug 14, 2025 | Aug 14, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:P/I:C/A:C)
Published
Jun 11, 2019
Added
Aug 14, 2025
Modified
Aug 14, 2025
Description
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
Solution
ubiquiti-airos-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.