As many of you are probably aware, a lot of Ubiquiti devices running old firmware are under a new wave of attacks that take advantage of an old vulnerability fixed a year ago.
In response to this latest wave of problems for some WISPs, Ubiquiti have thoughtfully emailed everyone on their mailing lists with their latest advice, namely:
“In recent days, we’ve seen virus activity taking network devices offline. In most cases, devices are reset to factory defaults. In other cases, devices are still operational, but inaccessible. The virus is using an HTTP/HTTPS exploit that doesn’t require authentication. Simply having a radio with out-of-date firmware and having its HTTP (port 80)/HTTPS (port 443) interface exposed to the Internet is enough to get infected.”
“Devices running the following firmware are NOT affected:”
airMAX M v5.6.2 or later
airMAX ac v7.1.3 or later
airGateway v1.1.5 or later
airFiber v2.2.1 or later
airFiber X v184.108.40.206 or later
“Ubiquiti takes these threats seriously and has created a patch and an Android app to diagnose and fix the problem. To check your devices and remove the virus, please use the removal tool. Note: The tool has the ability to upgrade airMAX M series devices to airOS® v5.6.5, which completely disables custom script usage. If a device is inaccessible, TFTP recovery will be required to reset it to factory defaults.”
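To find out which radios in an inventory fall below the unaffected versions quoted above, the following added example (not Ubiquiti's tool and not part of the original notice) compares each device's firmware against that list and ranks devices with an Internet-exposed web interface first. The CSV columns, host names and status labels are hypothetical, and firmware strings are assumed to carry a "v"-prefixed dotted version as in the list.

```python
import csv
import io
import re

# Minimum unaffected firmware per family, taken from the list quoted above.
# airFiber X is not listed here; take its minimum from the vendor advisory.
FIXED = {
    "airMAX M": (5, 6, 2),
    "airMAX ac": (7, 1, 3),
    "airGateway": (1, 1, 5),
    "airFiber": (2, 2, 1),
}
PRIORITY = {"affected-exposed": 0, "affected-internal": 1,
            "unknown-family": 2, "not-affected": 3}

def parse_version(text):
    """'XM.v5.5.10' -> (5, 5, 10); numeric tuples order 5.5.10 before 5.6.2."""
    m = re.search(r"(?<![A-Za-z])v(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def assess(family, firmware, web_exposed):
    """Classify one device against the unaffected-version list."""
    minimum = FIXED.get(family)
    if minimum is None:
        return "unknown-family"          # needs a manual check
    if parse_version(firmware) >= minimum:
        return "not-affected"
    # Old firmware with HTTP/HTTPS reachable from the Internet is the
    # condition the notice describes; internal devices still need upgrading.
    return "affected-exposed" if web_exposed else "affected-internal"

def triage(csv_text):
    """Return (host, status) pairs, most urgent first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["host"], assess(r["family"], r["firmware"],
                                  r["web_exposed"].strip().lower() == "yes"))
               for r in rows]
    return sorted(results, key=lambda item: PRIORITY[item[1]])

# Constructed sample inventory, not real devices.
SAMPLE = """host,family,firmware,web_exposed
gw-office,airGateway,v1.1.5,no
ap-tower1,airMAX M,XM.v5.5.10,yes
cpe-farm7,airMAX ac,v7.1.2,no
bh-ridge,airFiber X,v2.0.0,yes
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:12} {status}")
```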
More information is available on the ubnt community forum.
If you have been affected by this attack and require assistance, then please do call us so that we can help you get control of your network back as quickly as possible.