What is CVE-2015-9266?

CVE-2015-9266 is a critical-severity vulnerability in N/a. CVSS score: 9.8/10. Published 2018-09-05.

How severe is CVE-2015-9266?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2015-9266 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2015-9266

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exp…

EPSS: 0.790 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload (x_refsource_MISC)
39701 (exploit, x_refsource_EXPLOIT-DB)
hackerone.com/reports/73480 (x_refsource_MISC)
community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5… (x_refsource_CONFIRM)
39853 (exploit, x_refsource_EXPLOIT-DB)
community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1… (x_refsource_MISC)
community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwit… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-9266?: CVE-2015-9266 is a critical-severity vulnerability in N/a. CVSS score: 9.8/10. Published 2018-09-05.
How severe is CVE-2015-9266?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2015-9266 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.