CVE-2015-9266

Name of the Vulnerable Software and Affected Versions Ubiquiti airMAX versions prior to 7.1.3 Ubiquiti airMAX M versions prior to 5.6.2 Ubiquiti airMAX M versions prior to 5.5.11 Ubiquiti airMAX M versions prior to 5.5.10u2 Ubiquiti airGateway versions prior to 1.1.5 Ubiquiti airFiber AF24/AF24HD versions prior to 2.2.1 Ubiquiti airFiber AF5x versions prior to 3.0.2.1 Ubiquiti airFiber AF5 versions prior to 2.2.1 Ubiquiti airOS 4 XS2/XS5 versions prior to 4.0.4 Ubiquiti EdgeSwitch XP versions prior to 1.3.2

Description The web management interface of Ubiquiti devices allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques, potentially leading to root privileges.

Recommendations For Ubiquiti airMAX, update to version 7.1.3 or later. For Ubiquiti airMAX M, update to version 5.6.2 or later for XM/XW/TI, version 5.5.11 or later for XM/TI, and version 5.5.10u2 or later for XW. For Ubiquiti airGateway, update to version 1.1.5 or later. For Ubiquiti airFiber AF24/AF24HD, update to version 2.2.1 or later. For Ubiquiti airFiber AF5x, update to version 3.0.2.1 or later. For Ubiquiti airFiber AF5, update to version 2.2.1 or later. For Ubiquiti airOS 4 XS2/XS5, update to version 4.0.4 or later. For Ubiquiti EdgeSwitch XP, update to version 1.3.2 or later.