CVE-2017-0938
HIGH EXPLOITEDairMAX <8.3.2, airMAX <6.0.7, EdgeMAX <1.9.7 - DoS
Title source: llmExploitation Summary
CVE-2017-0938 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/221625
Release Notes, Vendor Advisory x_refsource_misc
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215
Scores
CVSS v3
7.5
EPSS
0.2097
EPSS Percentile
97.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
VulnCheck KEV
2019-01-29
CWE
CWE-20
CWE-400
Status
published
Products (2)
ui/airos
< 6.0.7
ui/edgemax_firmware
< 1.9.7
Published
Feb 12, 2019
Tracked Since
Feb 18, 2026