It is true... however to call it a vulnerability is a bit excessive.

You literally have to be logged into a radio, while using an old 
browser, while browsing a shady site that specifically attacks your radio.

On 3/21/17 4:12 PM, Eduardo wrote:
> We got this notification from UBNT. Did anyone else also get it?
>
> Is this true, another vulnerability?
>
> Thanks,
> Eduardo
>
>
>
> *From:* Ubiquiti Networks [mailto:[email protected]]
> *Sent:* Monday, March 20, 2017 11:33 AM
> *Subject:* airOS Vulnerability Issue Update
>
>
>
> Addressing Security Concerns. We take network security very seriously
> and have fixed the command injection vulnerability for all affected
> products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®......
>
> IMPORTANT
>
>   Addressing Security Concerns
>
> We take network security very seriously and have fixed the authenticated
> command injection vulnerability for all affected products: airMAX®,
> airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the firmware
> for your devices. UniFi®, EdgeMAX®, and AmpliFi™ products are not affected.
>
> While we acknowledge that all vulnerabilities are serious, we believe
> this issue rates fairly low in terms of threat severity, because it
> requires being authenticated to the management web interface, or
> tricking an authenticated administrator into opening a targeted, crafted
> URL in the browser where they are logged in to the affected device.
> Ubiquiti strongly backs our security measures:
>
> · Dedicated Security Director focused 100% on Ubiquiti® software
>   vulnerabilities and supported by a strong group of engineers
>
> · Participation in third-party vulnerability assessment programs
>   such as HackerOne, where we have given out substantial rewards
>
> · Significant investment retaining third-party external security
>   audit company to review our software solutions frequently
>
> We’re currently addressing the php2 code concern, which will be
> eliminated from applicable code bases within the next few weeks.
>
>
>
>
>
>
>   Latest Firmware Updates
>
> Ubiquiti has updated the firmware for the affected devices. Please
> update the firmware of your devices to the version listed here:
>
>
>
> DEVICES | USE FIRMWARE
>
> v6.0.1 or later
> v8.0.1 or later
> v1.3.4 or later
> v1.1.8 or later
> v3.2.2 or later
> v3.2.2 or later
> v3.4.1 or later
> v3.6.1 or later
>
>
>
> For questions, contact our support team.
>
> Copyright © 2017, Ubiquiti Networks, Inc. All Rights Reserved.
> Ubiquiti Networks 685 Third Avenue, 27th Floor New York, NY 10017 USA
>
> _______________________________________________
> Ubnt_users mailing list
> [email protected]
> http://lists.wispa.org/mailman/listinfo/ubnt_users
>