    Ubiquiti vulnerability

    • coliver

      https://www.theregister.co.uk/2017/03/16/ubiquiti_networking_php_hole/

      • stacksofplates

        Yes, the built-in web server runs as root.

        😞

        • scottalanmiller

          There is a lot of fail here. Why are they not on PHP 5.6 at least?

          • stacksofplates

            Is this just the routers? I find it hard to believe it wouldn't affect everything. Sure the router would be the initial access. I guess it wouldn't matter unless you're doing VLAN routing on a switch.

            • stacksofplates

              Ha I emailed Troy Hunt about it and he said he's already contacted them about it. That's pretty fast.

              • stacksofplates

                Here's the advisory https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt

                Here's a list of the devices they tested:

                The following devices and firmware versions have been tested/verified:
                TS-8-PRO - v1.3.3 (SW)
                (Rocket) M5 - v5.6.9/v6.0 (XM)
                (PicoStationM2HP) PICOM2HP - v5.6.9/v6.0 (XM)
                (NanoStationM5) NSM5 - v5.6.9/v6.0 (XM)

                Based on information embedded in the firmware of other Ubiquiti products
                gathered from our IoT Inspector tool we believe the following devices are
                affected as well:

                Ubiquiti Networks AF24 (Version: AF24 v3.2)
                Ubiquiti Networks AF24HD (Version: AF24 v3.2)
                Ubiquiti Networks AF-2X (Version: AF2X v3.2)
                Ubiquiti Networks AF-3X (Version: AF3X v3.2)
                Ubiquiti Networks AF5 (Version: AF5 v3.2)
                Ubiquiti Networks AF5U (Version: AF5 v3.2)
                Ubiquiti Networks AF-5X (Version: AF5X v3.2.1)
                Ubiquiti Networks AG-PRO-INS (Version: AirGWP v1.1.7)
                Ubiquiti Networks airGateway (Version: AirGW v1.1.7)
                Ubiquiti Networks airGateway-LR (Version: AirGW v1.1.7)
                Ubiquiti Networks AMG-PRO (Version: AirGWP v1.1.7)
                Ubiquiti Networks LBE-5AC-16-120 (Version: WA v7.2.4)
                Ubiquiti Networks LBE-5AC-23 (Version: WA v7.2.4)
                Ubiquiti Networks LBE-M5-23 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks NBE-5AC-16 (Version: WA v7.2.4)
                Ubiquiti Networks NBE-5AC-19 (Version: XC v7.2.4)
                Ubiquiti Networks NBE-M2-13 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks NBE-M5-16 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks NBE-M5-19 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-5AC-300 (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-300-ISO (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-400 (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-400-ISO (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-500 (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-500-ISO (Version: XC v7.2.4)
                Ubiquiti Networks PBE-5AC-620 (Version: XC v7.2.4)
                Ubiquiti Networks PBE-M2-400 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-M5-300 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-M5-300-ISO (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-M5-400 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-M5-400-ISO (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks PBE-M5-620 (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks R5AC-Lite (Version: XC v7.2.4)
                Ubiquiti Networks R5AC-PRISM (Version: XC v7.2.4)
                Ubiquiti Networks R5AC-PTMP (Version: XC v7.2.4)
                Ubiquiti Networks R5AC-PTP (Version: XC v7.2.4)
                Ubiquiti Networks RM2-Ti (Version: XW v5.6.9/v6.0)
                Ubiquiti Networks RM5-Ti (Version: XW v5.6.9/v6.0)

                • scottalanmiller

                  The pfSense project liked this post 🙂

                  • JaredBusch

                    None of that is the EdgeMax series.

                    That is all the original wireless stuff before even the Unifi line.

                    Yes it is all still currently available, but not nearly as horrible as that article is trying to insinuate.

                    All that gear should be behind a router normally.

                    • stacksofplates @JaredBusch

                      @JaredBusch said in Ubiquiti vulnerability:

                      None of that is the EdgeMax series.

                      That is all the original wireless stuff before even the Unifi line.

                      Yes it is all still currently available, but not nearly as horrible as that article is trying to insinuate.

                      All that gear should be behind a router normally.

                      Ya I was looking through it and noticed that. The tough switch was in there, but that's the only non bridge type device I saw.

                      • scottalanmiller

                        Well that's good then. Bad but not really a big deal.

                        • JaredBusch @stacksofplates

                          @stacksofplates said in Ubiquiti vulnerability:

                          Ya I was looking through it and noticed that. The tough switch was in there, but that's the only non bridge type device I saw.

                          The tough switch has been a dead product for years.

                          • JaredBusch @scottalanmiller

                            @scottalanmiller said in Ubiquiti vulnerability:

                            Well that's good then. Bad but not really a big deal.

                            Right. It is certainly a bad thing. But perspective is important.

                            Maybe there is a shit ton of this gear out there easily available in some method I do not understand from that limited article and video. But, I do not see how.

                            • stacksofplates @JaredBusch

                              @JaredBusch said in Ubiquiti vulnerability:

                              The tough switch has been a dead product for years.

                              Ah didn't realize that. I've seen it for sale a few places, but never noticed they weren't produced any more.

                              • JaredBusch @stacksofplates

                                @stacksofplates said in Ubiquiti vulnerability:

                                @JaredBusch said in Ubiquiti vulnerability:

                                @stacksofplates said in Ubiquiti vulnerability:

                                @JaredBusch said in Ubiquiti vulnerability:

                                None of that is the EdgeMax series.

                                That is all the original wireless stuff before even the Unifi line.

                                Yes it is all still currently available, but not nearly as horrible as that article is trying to insinuate.

                                All that gear should be behind a router normally.

                                Ya I was looking through it and noticed that. The tough switch was in there, but that's the only non bridge type device I saw.

                                The tough switch has been a dead product for years.

                                Ah didn't realize that. I've seen it for sale a few places, but never noticed they weren't produced any more.

                                It might still be produced, but it has not been developed against at all.
