Critical Vulnerability In Several Ubiquiti Products

From sec-consult:

Vulnerability overview/description:

-----------------------------------

1) Command Injection in Admin Interface A command injection vulnerability was found in "pingtest_action.cgi". This script is vulnerable since it is possible to inject a value of a variable. One of the reasons for this behaviour is the used PHP version (PHP/FI 2.0.1 from 1997).

It appears to affect the majority of Ubiquiti's products, and is supposedly fixed in AirOS 8.0.1.

A partial upside is that the radios rarely have remote access, and the exploit generally relies on phishing users into clicking a link that will hit a cgi script on the radio. The downside is that link can cause it to open a reverse shell, pretty much allowing the attacker full access into the network the radio is on.

If you have Ubiquiti radios that have older firmware you might want to upgrade them ASAP.

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.