Vulnerability, yes, as much as the ability to steal my car by diving into the driver seat while I'm in the ghetto of Philadelphia ideling with the door open is a vulnerability.
On 3/21/17 6:39 PM, Mike Hammett wrote: > It's still a vulnerability. Don't try to throw any dirt on it. > > > > ----- > Mike Hammett > > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> > > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> > > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------------------------------------------------ > *From: *"Matt Hoppes" <[email protected]> > *To: *"Ubiquiti Users Group" <[email protected]> > *Sent: *Tuesday, March 21, 2017 5:28:02 PM > *Subject: *Re: [Ubnt_users] airOS Vulnerability Issue Update > > It is true... however to call it a vulnerability is a bit excessive. > > You literally have to be logged into a radio, while using an old > browser, while browsing a shady site that specifically attacks your radio. > > On 3/21/17 4:12 PM, Eduardo wrote: >> We got this notification from UBNT. Did anyone else also get it? >> >> Is this true, another vulnerability? >> >> Thanks, >> Eduardo >> >> >> >> *From:*Ubiquiti Networks [mailto:[email protected]] >> *Sent:* Monday, March 20, 2017 11:33 AM >> *Subject:* airOS Vulnerability Issue Update >> >> >> >> Addressing Security Concerns. We take network security very seriously >> and have fixed the command injection vulnerability for all affected >> products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®...... >> >> Ubiquiti Networks >> >> >> >> SOFTWARE >> >> >> >> OPERATOR >> >> >> >> UNIFI >> >> >> >> CONSUMER >> >> >> >> PRODUCTS >> >> >> >> BUY >> >> >> I M P O R T A N T >> >> >> >> >> >> >> >> >> Addressing Security Concerns >> >> We take network security very seriously and have fixed the authenticated >> command injection vulnerability for all affected products: airMAX®, >> airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the firmware >> for your devices. UniFi®, EdgeMAX®, and AmpliFi™products are not affected. >> >> While we acknowledge that all vulnerabilities are serious, we believe >> this issue rates fairly low in terms of threat severity, because it >> requires being authenticated to the management web interface, or >> tricking an authenticated administrator into opening a targeted, crafted >> URL in the browser where they are logged in to the affected device. >> Ubiquiti strongly backs our security measures: >> >> · Dedicated Security Director focused 100% on Ubiquiti®software >> vulnerabilities and supported by a strong group of engineers >> >> >> >> · Participation in third-party vulnerability assessment programs >> such as HackerOne, where we have given out substantial rewards >> >> >> >> · Significant investment retaining third-party external security >> audit company to review our software solutions frequently >> >> We’re currently addressing the php2 code concern, which will be >> eliminated from applicable code bases within the next few weeks. >> >> >> >> >> >> >> Latest Firmware Updates >> >> Ubiquiti has updated the firmware for the affected devices. Please >> update the firmware of your devices to the version listed here: >> >> >> >> DEVICES >> >> >> >> USE FIRMWARE >> >> >> >> v6.0.1 or later >> >> >> >> v8.0.1 or later >> >> >> >> v1.3.4 or later >> >> >> >> v1.1.8 or later >> >> >> >> v3.2.2 or later >> >> >> >> v3.2.2 or later >> >> >> >> v3.4.1 or later >> >> >> >> v3.6.1 or later >> >> >> >> For questions, contact our support team. >> >> Copyright © 2017, Ubiquiti Networks, Inc. All Rights Reserved. >> Ubiquiti Networks 685 Third Avenue, 27th Floor New York, NY 10017 USA >> >> Share this on: >> >> Unsubscribe | Update Preferences | View in browser >> >> Follow: Facebook | Twitter | YouTube >> >> >> >> >> >> _______________________________________________ >> Ubnt_users mailing list >> [email protected] >> http://lists.wispa.org/mailman/listinfo/ubnt_users >> > _______________________________________________ > Ubnt_users mailing list > [email protected] > http://lists.wispa.org/mailman/listinfo/ubnt_users > > > > _______________________________________________ > Ubnt_users mailing list > [email protected] > http://lists.wispa.org/mailman/listinfo/ubnt_users > _______________________________________________ Ubnt_users mailing list [email protected] http://lists.wispa.org/mailman/listinfo/ubnt_users
