CVE-2015-9266

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2015-9266
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-09-05 20:29:00 UTC
Updated2021-08-12 16:43:00 UTC
DescriptionThe web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Hardware Ubnt Af5 - All All All
Hardware Ubnt Af5 - All All All
Hardware Ubnt Af5x - All All All
Hardware Ubnt Af5x - All All All
Operating System Ubnt Af5x Firmware All All All All
Operating System Ubnt Af5x Firmware All All All All
Operating System Ubnt Af5 Firmware All All All All
Operating System Ubnt Af5 Firmware All All All All
Hardware Ubnt Airfiber Af24 - All All All
Hardware Ubnt Airfiber Af24 - All All All
Hardware Ubnt Airfiber Af24hd - All All All
Hardware Ubnt Airfiber Af24hd - All All All
Operating System Ubnt Airfiber Af24hd Firmware All All All All
Operating System Ubnt Airfiber Af24hd Firmware All All All All
Operating System Ubnt Airfiber Af24 Firmware All All All All
Operating System Ubnt Airfiber Af24 Firmware All All All All
Hardware Ubnt Airgateway - All All All
Hardware Ubnt Airgateway - All All All
Operating System Ubnt Airgateway Firmware All All All All
Operating System Ubnt Airgateway Firmware All All All All
Hardware Ubnt Airmax Ac - All All All
Hardware Ubnt Airmax Ac - All All All
Operating System Ubnt Airmax Ac Firmware 7.1.3 All All All
Operating System Ubnt Airmax Ac Firmware 7.1.3 All All All
Hardware Ubnt Airmax M - All All All
Hardware Ubnt Airmax M - All All All
Hardware Ubnt Airmax M Ti - All All All
Hardware Ubnt Airmax M Ti - All All All
Operating System Ubnt Airmax M Ti Firmware All All All All
Operating System Ubnt Airmax M Ti Firmware All All All All
Hardware Ubnt Airmax M Xm - All All All
Hardware Ubnt Airmax M Xm - All All All
Operating System Ubnt Airmax M Xm Firmware All All All All
Operating System Ubnt Airmax M Xm Firmware All All All All
Hardware Ubnt Airmax M Xw - All All All
Hardware Ubnt Airmax M Xw - All All All
Operating System Ubnt Airmax M Xw Firmware All All All All
Operating System Ubnt Airmax M Xw Firmware All All All All
Operating System Ubnt Airos 4 Xs2 All All All All
Operating System Ubnt Airos 4 Xs2 All All All All
Operating System Ubnt Airos 4 Xs5 All All All All
Operating System Ubnt Airos 4 Xs5 All All All All
Hardware Ubnt Edgeswitch Xp - All All All
Hardware Ubnt Edgeswitch Xp - All All All
Operating System Ubnt Edgeswitch Xp Firmware All All All All
Operating System Ubnt Edgeswitch Xp Firmware All All All All
Hardware Ui Af5 - All All All
Hardware Ui Af5x - All All All
Operating System Ui Af5x Firmware All All All All
Operating System Ui Af5 Firmware All All All All
Hardware Ui Airfiber Af24 - All All All
Hardware Ui Airfiber Af24hd - All All All
Operating System Ui Airfiber Af24hd Firmware All All All All
Operating System Ui Airfiber Af24 Firmware All All All All
Hardware Ui Airgateway - All All All
Operating System Ui Airgateway Firmware All All All All
Hardware Ui Airmax Ac - All All All
Operating System Ui Airmax Ac Firmware 7.1.3 All All All
Hardware Ui Airmax M - All All All
Hardware Ui Airmax M Ti - All All All
Operating System Ui Airmax M Ti Firmware All All All All
Hardware Ui Airmax M Xm - All All All
Operating System Ui Airmax M Xm Firmware All All All All
Hardware Ui Airmax M Xw - All All All
Operating System Ui Airmax M Xw Firmware All All All All
Hardware Ui Edgeswitch Xp - All All All

References

ReferenceSourceLinkTags
Ubiquiti airOS - Arbitrary File Upload (Metasploit) - Unix remote Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
Security Release for airMAX, TOUGHSwitch, and airGateway Released - Ubiquiti Networks Community CONFIRM community.ubnt.com Patch, Vendor Advisory
Ubiquiti airOS Arbitrary File Upload MISC www.rapid7.com Exploit, Third Party Advisory
#73480 Arbritrary file Upload on AirMax - HackerOne MISC hackerone.com Issue Tracking, Third Party Advisory
Important Security Notice and airOS 5.6.5 Release - Ubiquiti Networks Community CONFIRM community.ubnt.com Vendor Advisory
Solved: Virus attack - URGENT @UBNT - Ubiquiti Networks Community MISC community.ubnt.com Vendor Advisory
AirOS 6.x - Arbitrary File Upload EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: This vulnerability was reported by 93c08539.

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report