Description
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-354CWE-354
Metadata
- Primary Vendor
- UI
- Published
- 2/2/2023
- Last Modified
- 3/26/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ui : af-2x_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.