{"id":1786,"date":"2017-03-17T10:20:31","date_gmt":"2017-03-17T14:20:31","guid":{"rendered":"https:\/\/solutionsreview.com\/wireless-network\/?p=1786"},"modified":"2017-03-20T15:39:24","modified_gmt":"2017-03-20T19:39:24","slug":"security-flaw-discovered-in-ubiquiti-wireless-gear","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/wireless-network\/security-flaw-discovered-in-ubiquiti-wireless-gear\/","title":{"rendered":"Security Flaw Discovered in Ubiquiti Wireless Gear"},"content":{"rendered":"

\"SecurityNote<\/span>: Ubiquiti has since issued a fix for the vulnerability. Find that here.<\/a><\/strong><\/p>\n

Recently, security researchers have announced the details of an exploitable flaw in Ubiquiti’s wireless networking gear following the manufacturer’s failure to release a firmware patch. The researchers at Austria’s SEC Consult Vulnerability Lab<\/a> discovered the programming error in November and reached out to Ubiquiti through its HackerOne<\/a> hosted big bounty program. At first, Ubiquiti<\/a> denied that this was a new bug but later accepted it. While the manufacturer began working on a patch, Ubiquiti stalled during development. After repeated warnings regarding the bug, SEC decided to go public with the security concerns.<\/p>\n

With this bug, hackers can trick someone using a Ubiquiti<\/a> gateway or router into clicking on a malicious link, or embed the URL in a webpage they visit. From there, the hacker could inject commands into the vulnerable device. The networking kit uses the web interface to administer the it\u00a0and lacks CSRF protection meaning that hackers can perform actions as logged-in users. With this vulnerability, attackers can open a reverse shell to establish a connection to a Ubiquiti router and gain root access. The SEC Lab says that once the hacker is inside, the entire network is vulnerable due to a very outdated version (20 years old…) of PHP included in the software.<\/p>\n

“A command injection vulnerability was found in ‘pingtest_action.cgi.’ This script is vulnerable since it is possible to inject a value of a variable. One of the reasons for this behavior is the used PHP version (PHP\/FI 2.0.1 from 1997),” SEC’s advisory today<\/a> states.<\/p>\n

“The vulnerability can be exploited by luring an attacked user to click on a crafted link or just surf on a malicious website. The whole attack can be performed via a single GET-request and is very simple since there is no CSRF protection.”<\/p>\n

SEC tested the attack against four Ubiquiti devices, suspects that another 38 models are similarly vulnerable. Each of the vulnerable devices are listed in the advisory. Proof of Concept exploits, however, were not published and firmware patch still isn’t available for the devices.<\/p>\n

Note<\/span>: Ubiquiti has since issued a fix for the vulnerability. Find that here.<\/a><\/strong><\/p>\n

\t\t\t

\"wireless<\/a>For information on the top 802.11ac solutions,\u00a0check out our latest Buyer’s Guide:<\/strong><\/h4>\n