Ubiquiti airCam < 1.2.0 ubnt-streamer RTSP Service Remote Code Execution

High Nessus Plugin ID 72580


The remote device is affected by a remote code execution vulnerability.


According to its self-reported version number, the firmware installed on the remote host is prior to 1.2.0. It is, therefore, affected by a remote code execution vulnerability in the 'ubnt-streamer' RTSP service when parsing an overly large URI of a RTSP request message. An attacker can exploit this issue to cause a denial of service or execute arbitrary code.


Upgrade to firmware version 1.2.0 or later.

See Also



Plugin Details

Severity: High

ID: 72580

File Name: ubiquiti_aircam_1_2_0.nasl

Version: $Revision: 1.1 $

Type: remote

Family: Misc.

Published: 2014/02/19

Modified: 2014/02/19

Dependencies: 72579

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ubnt:airvision_firmware

Required KB Items: Ubiquiti/airCam/Device, Ubiquiti/airCam/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/10

Vulnerability Publication Date: 2013/06/11

Reference Information

CVE: CVE-2013-1606

BID: 60487

OSVDB: 94211

EDB-ID: 26138