Ubiquiti Networks Releases Numerous Security Patches as SEC Consult Exposes Command Injection Vulnerability

Sam Chen, March 22, 2017

In a recent advisory, SEC Consult's Vulnerability Lab reported that a security flaw had been confirmed in at least four Ubiquiti Networks devices, with as many as 38 additional devices possibly vulnerable to the same issue.

According to the advisory, a command injection vulnerability exists in the "pingtest_action.cgi" script on the devices. If an attacker can lure a user into clicking a specially crafted link or visiting a malicious website, the attacker can gain control of the networking equipment. The issue is largely attributed to the decade-old version of PHP, PHP/FI 2.0.1, used by the devices.

In response, Ubiquiti Networks released a series of security patches for its AirOS-, AirGateway-, TOUGHSwitch-, and airFiber-based devices. Owners of an AirOS-based device or an associated device are encouraged to apply the updates as soon as possible.

Firmware updates are available via the Ubiquiti Networks page.

 

Source: SEC Consult, Ubiquiti Networks
