Security Release for airMAX and airGateway Released

by Deleted Account on ‎07-17-2015 08:05 AM - last edited on ‎12-04-2018 04:50 PM by Ubiquiti Employee

Hi all,

We've just released a very important security release of the following products: 


  • airMAX v5.6.2
  • airMAX AC v7.1.3
  • EdgeSwitch XP (formerly known as TOUGHSwitch) v1.3.2
  • airGateway v1.1.5

The primary change in these versions is a fix for a vulnerability that allows unauthenticated users to gain access to the device via HTTP(s). 


All previous versions are affected. 


It's highly recommended to upgrade to the latest versions as soon as possible. If you have any questions, feel free to open a new thread or send me an email (


For downloads and full release notes on these versions, please see:


EDIT: We have released updated versions of 5.5.x with this security update. You can find these under "Past Firmware" section.




XW.v5.5.10-u2.28005.150723.1358.bin (XW units shipping with 5.5.11 will need to use 5.6.2+.  5.5.11 for XW is not patched)


For legacy airOS 4 devices. DOWNLOAD






NOTE: This vulnerability was reported via our Hacker Bug Bounty program under private disclosure. At this time we have no reason to believe there are any leaks of this information or known exploits.