CVE-2010-5330
Summary
| CVE | CVE-2010-5330 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-11 21:29:00 UTC |
| Updated | 2019-06-14 13:25:00 UTC |
| Description | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. |
Risk And Classification
EPSS: 0.435910000 probability, percentile 0.975010000 (date 2026-04-02)
CISA KEV: Listed on 2022-04-15; due 2022-05-06; ransomware use Unknown
Problem Types: CWE-77
CISA Known Exploited Vulnerability
| Vendor | Ubiquiti |
|---|---|
| Product | AirOS |
| Name | Ubiquiti AirOS Command Injection Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2010-5330 |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ubiquity Nanostation5 (Air OS) 0day Remote Command Execution | MISC | www.exploit-db.com | Third Party Advisory, VDB Entry |
| AirOS Security Exploit -- Updated Firmware - Ubiquiti Networks Community | MISC | community.ubnt.com | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 379464 For Vulnerability CVE-2010-5330