What is it?

Ubiquiti produces routers, radios, switches, gateways and wireless access points.

Why is it a risk?

The AirOS firmware in these devices has a bug that can be exploited without any authentication. According to Ubiquiti's advisory (link below), “Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected.”

The worm creates a backdoor administrator account, disables existing administrator accounts, reinstalls itself on reboot and scans for other devices to infect.

How can you mitigate the risk?

Ubiquiti advises updating to version 5.6.5 (5.6.4 if you are using rc.scripts). For devices already infected, they provide a removal tool.


Ubiquiti vulnerability advisory

