CVE-2010-5330: Ubiquiti AirOS Command Injection Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Ubiquiti · AirOS

Date added (KEV): Apr 15, 2022
CISA due date: May 06, 2022
Ransomware campaign use: Unknown

Required action

Apply updates per vendor instructions.

Vendor fix: Vendor patch

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

https://nvd.nist.gov/vuln/detail/CVE-2010-5330

See what attackers can see on your domain

This vulnerability is on CISA's Known Exploited Vulnerabilities list, so it is being exploited in the wild right now. Scorifya can't test for Ubiquiti directly, but in about 30 seconds it shows what your own domain exposes publicly across TLS, security headers, DNS, and cookies: the surface attackers probe first.

Run a free scan Methodology

References

https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974Issue TrackingPatchVendor Advisory
https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974Issue TrackingPatchVendor Advisory
https://www.exploit-db.com/exploits/14146Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/14146Third Party AdvisoryVDB Entry

Other recent CVEs from Ubiquiti

CVE-2026-34908UniFi OS — Ubiquiti UniFi OS Improper Access Control Vulnerability
CVE-2026-34909UniFi OS — Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34910UniFi OS — Ubiquiti UniFi OS Improper Input Validation Vulnerability