The Ubiquiti company is specifically focused on wired and wireless networking issues, selling high-performance manageable switches and good quality Wi-Fi access points, and with a really interesting quality-price ratio, both for the small and medium-sized business market. , as well as for “advanced” home users. They have recently begun to market another series of products, such as professional IP cameras, video intercoms, telephone systems, electric vehicle chargers and more. A few days ago the news came out that a UniFi Network’s serious security flawbelow we explain how it affects you.
UniFi Network is the centralized management software for gateways, manageable switches and WiFi access points, from where we carry out all the configurations in a single way, and they are subsequently distributed to the different teams of the professional network. This software is not only responsible for the configuration, but also for monitoring all the equipment and the network in general. We could say that it is both the brain and the heart of the network, so it is essential to protect it properly.
What does this critical vulnerability consist of?
A security researcher has discovered that instances of the UniFi Network application running on a UniFi Gateway console with versions 7.5.176 and earlier implement the adoption of devices with insecure access control logic, creating a very real risk of access to device configuration information by an attacker. A very important aspect is that for this attack to be carried out, it is absolutely necessary for this attacker to be previously connected to the network, which somewhat reduces the risk of being attacked, but this security flaw is classified as critical severity with a score of 10.0 out of 10.0that is, the maximum that currently exists in the industry.
The products affected by this vulnerability They are UDM, UDM-PRO, UDM-SE, UDR and UDW, that is, the entire Ubiquiti Dream range is affected by this vulnerability and it is absolutely necessary that you update the software as soon as possible so that it does not affect you. Right now the manufacturer has released a new update to solve this critical bug, you need to update your devices to version 7.5.187 or higher to rest assured.
Ubiquiti’s security is in question
In recent years, the manufacturer Ubiquiti has been involved in a large number of security flaws in all its products. It must be taken into account that cybersecurity in any network is essential, and that involves making software that is very well designed and free of vulnerabilities. Although 100% security does not exist, the truth is that other manufacturers do much better in this section, since there are no known security flaws as serious as those of this company, which is still one of the most recommended by the proper functioning of its professional WiFi access points that we can see everywhere.
Some of the security failures of recent years are related to the Ubiquiti UniFi Cloud Key, where you could get the administration password and take full control of the equipment and the entire network, since it is in charge of acting as the central controller of the APs and switches. Another security flaw that caused quite a bit of talk is related to the firmware of the devices themselves, where an attacker by entering a URL could take control of the device. On another occasion, this manufacturer’s devices were part of a botnet to carry out distributed denial of service attacks. On other occasions, Ubiquiti has hidden important security flaws in its cloud, causing users to change their access passwords. Finally, more recently it was discovered that in the process of updating the firmware of the devices, a Man in the Middle attack could be carried out and a malicious firmware image could be uploaded, to later take control of said device.
As you can see, Ubiquiti has had quite important security flaws over time, both with end devices and with its Cloud.
