We got this notification from UBNT. Did anyone else also get it? Is this true, another vulnerability?
Thanks, Eduardo From: Ubiquiti Networks [mailto:[email protected]] Sent: Monday, March 20, 2017 11:33 AM Subject: airOS Vulnerability Issue Update Addressing Security Concerns. We take network security very seriously and have fixed the command injection vulnerability for all affected products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®...... SOFTWARE OPERATOR UNIFI CONSUMER PRODUCTS BUY I M P O R T A N T Addressing Security Concerns We take network security very seriously and have fixed the authenticated command injection vulnerability for all affected products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the firmware for your devices. UniFi®, EdgeMAX®, and AmpliFi™ products are not affected. While we acknowledge that all vulnerabilities are serious, we believe this issue rates fairly low in terms of threat severity, because it requires being authenticated to the management web interface, or tricking an authenticated administrator into opening a targeted, crafted URL in the browser where they are logged in to the affected device. Ubiquiti strongly backs our security measures: · Dedicated Security Director focused 100% on Ubiquiti® software vulnerabilities and supported by a strong group of engineers · Participation in third-party vulnerability assessment programs such as HackerOne, where we have given out substantial rewards · Significant investment retaining third-party external security audit company to review our software solutions frequently We’re currently addressing the php2 code concern, which will be eliminated from applicable code bases within the next few weeks. Latest Firmware Updates Ubiquiti has updated the firmware for the affected devices. Please update the firmware of your devices to the version listed here: DEVICES USE FIRMWARE v6.0.1 or later v8.0.1 or later v1.3.4 or later v1.1.8 or later v3.2.2 or later v3.2.2 or later v3.4.1 or later v3.6.1 or later For questions, contact our support team. Copyright © 2017, Ubiquiti Networks, Inc. All Rights Reserved. Ubiquiti Networks 685 Third Avenue, 27th Floor New York, NY 10017 USA Share this on: Unsubscribe | Update Preferences | View in browser Follow: Facebook | Twitter | YouTube
_______________________________________________ Ubnt_users mailing list [email protected] http://lists.wispa.org/mailman/listinfo/ubnt_users
