News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability

For those unfamiliar with this latest WPA2 Security Vulnerability, please bear in mind the problem is on the client device, not the AP. Therefore rushing to patch your APs is not going to solve all the problems in your network from this vulnerability!

Of course, if you’re using WPA-TKIP (or using ‘both’ TKIP and AES), you DO have more problems than this attack. Therefore please ensure that any support for TKIP is disabled!  If you’re using WEP, this vulnerability will not affect you, but then again, you have even bigger problems anyway!
Continue reading “News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability” »

News: Latest Ubiquiti vulnerability info

As many of you are probably aware, a lot of Ubiquiti devices running old firmware are under a new wave of attack taking advantage of an old vulnerability that was fixed a year ago.

In response to this latest wave of problems for some WISPs, Ubiquiti have thoughtfully emailed everyone on their mailing lists with their latest advice, namely:

“In recent days, we’ve seen virus activity taking network devices offline. In most cases, devices are reset to factory defaults. In other cases, devices are still operational, but inaccessible. The virus is using an HTTP/HTTPS exploit that doesn’t require authentication. Simply having a radio with out-of-date firmware and having its HTTP (port 80)/HTTPS (port 443) interface exposed to the Internet is enough to get infected.”
Continue reading “News: Latest Ubiquiti vulnerability info” »

News: Ubiquiti Fixes HTTP(S) vulnerability

Ubiquiti released new firmware three weeks ago for their AirMax and AirFiber radios to fix a serious vulnerability that allowed unauthenticated users to gain access.  In theory no one except internal support staff should be able to get access to any interface of your internal radio network. But just in case any one could get access from anywhere in the world you may wish to read this…
Continue reading “News: Ubiquiti Fixes HTTP(S) vulnerability” »

News: CVE-2015-0235 RouterOS NOT affected by GHOST glibc security risk

mikrotik_router

 

MikroTik have confirmed that no version of RouterOS suffers from the security vulnerability CVE-2015-0235. See Mikrotik Forum for confirmation.

 

 

 

News: CVE-2014-6271 – RouterOS not affected by latest security risk with Bash

mikrotik_routerMikroTik have confirmed that RouterOS does not use Bash and therefore security vulnerability CVE-2014-6271  does not apply to their RouterOS Operating System. See Mikrotik Forum for confirmation.