Critical Ubiquiti remote root vuln


PigLover

Moderator
Jan 26, 2011
This seems to be pretty bad behavior by UBNT - not updating to modern tool stacks, allowing a backlog/bottleneck to form in their review of security reports, slow to fix, etc.

However - needs a small clarification: this applies to UBNT Routing and firewall products - not to Unifi APs/switches or IoT devices like mFi. So if you have Unifi APs or switches - probably the largest use case for readers here - you don't need to panic (yet - given the red flags noted above there may still be issues lurking here too).
 

Tom S

Member
Jan 31, 2017
Chris Buechler wrote a good synopsis of the issue here: Security flaws disclosed affecting multiple Ubiquiti products • r/Ubiquiti

As others have mentioned, UniFi and UniFi Video devices are not affected by this vulnerability. I'm part of the UniFi team and I can assure you we take security very seriously. HackerOne reports are evaluated, triaged, and addressed very quickly by the UniFi teams. We also stay on top of vulnerabilities as they are announced and integrate fixes as quickly as possible.
 

Tom S

Member
Jan 31, 2017
Welcome onboard Tom :)
Thanks pricklypunter. I'm not really here in an official capacity, but we like to remain engaged with the community. I followed STH and lurked in the STH forums long before I joined Ubiquiti. This site and the community here are good resources for gathering more perspectives on our gear and the market in general, all of which is folded back into our product roadmaps and iterative improvements.