PSA: Ubiquiti Network compromised again | Critical UniFi OS bug lets hackers gain root without authentication

Arjun

Arjun

IPCT Contributor
Feb 26, 2017
14,078
16,406
The Free? World
bishopfox.com

Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection…

Bishop Fox confirmed a full unauthenticated RCE chain in UniFi OS Server that lands a root shell in one request, exposing networks, doors, and cameras.
bishopfox.com bishopfox.com

www.bleepingcomputer.com

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication.
www.bleepingcomputer.com www.bleepingcomputer.com

Update your devices ASAP!

 
  • Wow
Reactions: Techie007L
Molbo said:
The exploits only work if you allow access to your console from outside world. NEVER DO THAT!
Click to expand...
That means DISABLE REMOTE MANAGEMENT / REMOTE LOGIN found under console settings, enabled by default outside the box :lol:
 
Arjun said:
That means DISABLE REMOTE MANAGEMENT / REMOTE LOGIN found under console settings, enabled by default outside the box :lol:
Click to expand...
Not exactly , it's mainly about Direct Remote Connection (what is basically port forwarding to console WebUI :facepalm:), but disabling Remote Access completely is not a bad idea.
Only VPN, preferably Wireguard or some Wireguard based Unifi tools such as teleport or site magic.
 
  • Exclamation
Reactions: Arjun
You must log in or register to reply here.
Top Bottom