Security experts are warning Ubiquit users of a vulnerability that has already been exploited in the wild.
Last week, the researcher Jim Troutman, consultant
According to the expert, the devices are affected by a
The vulnerability is not a novelty in the security and Ubiquiti communities, in June the issue was discussed in a thread on the Ubiquiti forums where users were warning of a possible exploit used in the wild.
Now security experts at Rapid7 revealed that they were monitoring suspicious traffic destined for port 10001 for at least one year.
Ubiquiti is aware of the issue and is currently working on a firmware update that will address it anyway it is trying to downplay it.
“There has been some discussion lately about a bug in
“To our current knowledge, this issue cannot be used to gain control of network devices or to create a DDoS attack.”
Waiting for a fix, Ubiquiti recommends blocking UDP port 10001, but this solution could have a d
Scanning the Internet for vulnerable devices using the Rapid7’s Sonar project, experts found roughly 490,000 devices exposed online. Most of the vulnerable Ubiquiti devices are located in Brazil, followed by the United States, and Spain.
“By decoding the responses, we are able to learn about the nature of these devices and clues as to how or why they are exposed publicly.” continues Rapid7. For example, by grouping by the model names returned by these responses, we see big clusters around all sorts of Ubiquiti models/devices:”
The analysis of the names of the device revealed that in 17,000 cases they contain the string “HACKED-ROUTER-HELP-SOS,” a circumstance that suggests that they have already been hacked by exploiting other vulnerabilities.
Rapid7 reported its findings to US-CERT, CERT Brazil, and of course Ubiquiti.
(Security Affairs – hacking, Ubiquiti)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.