Ubiquiti APs Under Attack Using Exploit Patched Last Year

[thiggins]

Dan Goodin reports that attackers are targeting a flaw in theUbiquiti's AirOS that runs many of its wireless routers and access points. The vulnerability allows attackers to gain access to devices via HTTP or HTTPS without authentication and changes the infected device's password files.

A patch for the flaw was issued last July, but apparently hasn't been widely installed.

Check Dan's article for the full details.

 

[sfx2000]

I see the usernames "ubnt" and "mother" quite a bit in my ssh logs (failed attempts that is...)

Definitely patch up and watch those outside ports - filter them to trusted networks only

 

[LoneWolf]

Note (to anyone concerned) that since Ubiquiti access points use the Unifi software (separate platform from AirOS) that these are not affected.

This will affect Ubiquiti's point-to-point wireless gear, their AirRouter/AirRouter HP line, and the Toughswitch.