Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 6, 2022

CVE-2010-5330

High
EPSS 47.1%CISA KEV
Ubiquiti/AirOS

Description

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

EPSS — Exploit Probability

47.1%

Higher than 97.6% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2010-5330

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
47.1%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Apr 15, 2022

Added to KEV

Apr 15, 2022

Remediation Due

May 6, 2022

Affected Product

Ubiquiti

AirOS

View all Ubiquiti CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE