virus logo Intrusion Prevention

Ubiquiti.airOS.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt against an Arbitrary File Upload vulnerability in Ubiquiti airOS.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted file upload request. A remote attacker can exploit this to execute arbitrary code within context of the affected application via a crafted file upload request

affected-products-logoAffected Products

Ubiquiti airOS 5.6.2 and prior version

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code in the context of the affected user

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

39701
ID 42562
Created Jun 29, 2016
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Linux
Affected App Other