Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. [...]
Ubiquiti produces network equipment and software whose vulnerabilities, exposed management interfaces, and insecure configurations can affect organizations.
Search across headline titles and summaries.
Background for this topic.
Ubiquiti is a networking-equipment brand whose ecosystem includes wireless access points, switches, routers and gateways, cameras, and centralized management software such as UniFi. These devices often sit directly on an organization’s network, while management may be performed through a local controller or a vendor-linked cloud account, making their security relevant beyond the individual appliance.
Security reporting commonly concerns firmware vulnerabilities, exposed administrative interfaces, insecure configuration, and compromise of controller or cloud credentials. A flaw in a gateway or controller could allow unauthorized configuration changes, network access, or visibility into connected devices; exposure depends on the product, version, and deployment. Practitioners should inventory models and firmware, restrict management planes from the public internet, enforce strong unique administrator authentication and multi-factor authentication where supported, review remote-management settings and logs, and apply vendor updates through a documented lifecycle. During an incident, preserve controller and gateway logs and check for altered accounts, firewall rules, DNS settings, or newly adopted devices.
Weekly headline count for the current query.
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. [...]
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. [...]
Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. [...]
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [...]
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...]
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. [...]
Since yesterday, customers of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's cloud services. [...]
Nickolas Sharp, a former senior developer of Ubiquiti, was sentenced to six years in prison for stealing company data, attempting to extort his employer, and aiding the publication of misleading news articles that severely impacted the firm's market capitalization. [...]
Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker's cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti's network and trying to extort his employer while posing as an anonymous hacker and a whistleblower. [...]