EIP-2026-100735

PRE-CVE

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100735. PoCs published by Pablo Rebolini.

AI-analyzed exploit summary This exploit demonstrates arbitrary file download and remote command execution in AirOS NanoStation M2 v5.6-beta via path traversal and command injection in the `scr.cgi` endpoint. The PoC includes valid examples for both file disclosure and command execution.

Description

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Pablo Rebolini · textwebappscgi

https://www.exploit-db.com/exploits/39871

View Code ZIP pw:eip

This exploit demonstrates arbitrary file download and remote command execution in AirOS NanoStation M2 v5.6-beta via path traversal and command injection in the `scr.cgi` endpoint. The PoC includes valid examples for both file disclosure and command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AirOS NanoStation M2 v5.6-beta (XM.v5.6-beta5.24359.141008.1753)

Auth required

Prerequisites: Valid credentials (default: ubnt:ubnt) · Network access to the device

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026