BID:51191

AirOS Authentication Bypass Vulnerability

Info

AirOS Authentication Bypass Vulnerability

Bugtraq ID:	51191
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 28 2011 12:00AM
Updated:	Dec 28 2011 12:00AM
Credit:	Matt Hardy
Vulnerable:	Ubiquiti Networks, Inc. AirOS 5.3 Ubiquiti Networks, Inc. AirOS 4.0 Ubiquiti Networks, Inc. AirOS 3.6.1

Not Vulnerable:	Ubiquiti Networks, Inc. AirOS 5.4.5 Ubiquiti Networks, Inc. AirOS 5.3.5 Ubiquiti Networks, Inc. AirOS 4.0.1

Discussion

AirOS Authentication Bypass Vulnerability

AirOS is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the affected system.

Exploit / POC

AirOS Authentication Bypass Vulnerability

An attacker can use readily available tools to exploit this issue.

Solution / Fix

AirOS Authentication Bypass Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

AirOS Authentication Bypass Vulnerability

References:

AirOS Security Exploit -- Updated Firmware (Ubiquiti Networks, Inc.)
Ubiquiti Networks, Inc. Homepage (Ubiquiti Networks, Inc. )