CVE-2026-21639
5.4
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.
Affected Products:
airMAX AC (Version 8.7.20 and earlier)
airMAX M (Version 6.3.22 and earlier)
airFiber AF60-XG (Version 1.2.2 and earlier)
airFiber AF60 (Version 2.6.7 and earlier)
Mitigation:
Update your airMAX AC to Version 8.7.21 or later.
Update your airMAX M to Version 6.3.24 or later.
Update your airFiber AF60-XG to Version 1.2.3 or later.
Update your airFiber AF60 to Version 2.6.8 or later.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.7.21 |
| Running on/with | Platform Versions |
|---|---|
Ui Airmax Ac | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.3.24 |
| Running on/with | Platform Versions |
|---|---|
Ui Airmax M | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.2.3 |
| Running on/with | Platform Versions |
|---|---|
Ui Airfiber Af60 Xg | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.6.8 |
| Running on/with | Platform Versions |
|---|---|
Ui Airfiber Af60 | All versions |
References (1)
Source: support@hackerone.com
Vendor Advisory
Timeline
No history available yet.