Login Sign Up

CVE-2020-8171

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2020-8171 is a command injection vulnerability in Ubiquiti AirMax AirOS firmware that allows remote attackers to execute arbitrary commands on affected devices. This affects AirMax AirOS v6.2.0 and earlier versions on TI, XW, and XM boards. Successful exploitation leads to complete system compromise.

💻 Affected Systems

Products:
  • Ubiquiti AirMax AirOS
Versions: v6.2.0 and earlier
Operating Systems: AirOS firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects TI, XW, and XM board models specifically. Other AirMax models may not be affected.

📦 What is this software?

Airos by Ui

View all CVEs affecting Airos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system takeover with persistent backdoor installation, network pivoting, and data exfiltration.

🟠

Likely Case

Remote code execution leading to device compromise, configuration changes, and network disruption.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet if devices are exposed.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to the device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities are typically easy to exploit with publicly available techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.3.0

Vendor Advisory: https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261

Restart Required: Yes

Instructions:

1. Download AirMax AirOS v6.3.0 from Ubiquiti download page. 2. Backup current configuration. 3. Upload firmware via web interface. 4. Apply update and reboot device.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate AirMax devices from untrusted networks and restrict access to management interfaces.

Access Control Lists

all

Implement firewall rules to restrict access to AirMax management interfaces.

🧯 If You Can't Patch

  • Deploy network segmentation to isolate affected devices
  • Implement strict firewall rules blocking all unnecessary access to management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: System > Status > Firmware Version

Check Version:

No CLI command available; check via web interface

Verify Fix Applied:

Verify firmware version shows v6.3.0 or later after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Unexpected configuration changes
  • Failed authentication attempts to management interfaces

Network Indicators:

  • Unusual outbound connections from AirMax devices
  • Traffic to unexpected ports from management IPs

SIEM Query:

source="airmax" AND (event_type="command_execution" OR event_type="config_change")

📊 Metadata

CVE ID: CVE-2020-8171
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: May 26, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-8171, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)