{"api_version":"1","generated_at":"2026-04-23T08:03:56+00:00","cve":"CVE-2010-5330","urls":{"html":"https://cve.report/CVE-2010-5330","api":"https://cve.report/api/cve/CVE-2010-5330.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-5330","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-5330"},"summary":{"title":"CVE-2010-5330","description":"On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-06-11 21:29:00","updated_at":"2019-06-14 13:25:00"},"problem_types":["CWE-77"],"metrics":[],"references":[{"url":"https://www.exploit-db.com/exploits/14146","name":"https://www.exploit-db.com/exploits/14146","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Ubiquity Nanostation5 (Air OS) 0day Remote Command Execution","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974","name":"https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974","refsource":"MISC","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"AirOS Security Exploit -- Updated Firmware - Ubiquiti Networks Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-5330","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5330","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"5330","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"airos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"5330","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"airos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2010","cve_id":"5330","cve":"CVE-2010-5330","vendorProject":"Ubiquiti","product":"AirOS","vulnerabilityName":"Ubiquiti AirOS Command Injection Vulnerability","dateAdded":"2022-04-15","shortDescription":"Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-05-06","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2010-5330","cwes":"CWE-77","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2010","cve_id":"5330","cve":"CVE-2010-5330","epss":"0.435910000","percentile":"0.975330000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2010-5330","qid":"379464","title":"For Vulnerability CVE-2010-5330"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2010-5330","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.exploit-db.com/exploits/14146","refsource":"MISC","name":"https://www.exploit-db.com/exploits/14146"},{"url":"https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974","refsource":"MISC","name":"https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974"}]}},"nvd":{"publishedDate":"2019-06-11 21:29:00","lastModifiedDate":"2019-06-14 13:25:00","problem_types":["CWE-77"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.6","versionEndExcluding":"5.4.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.2","versionEndExcluding":"5.3.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"5330","Ordinal":"151137","Title":"CVE-2010-5330","CVE":"CVE-2010-5330","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"5330","Ordinal":"1","NoteData":"On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.","Type":"Description","Title":null},{"CveYear":"2010","CveId":"5330","Ordinal":"2","NoteData":"2019-06-11","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"5330","Ordinal":"3","NoteData":"2019-06-11","Type":"Other","Title":"Modified"}]}}}