ISPadmin 4.20

A serious security bug of UBIQUITI units was revealed on May 13, 2016!

It is a fundamental security breach in the web interface for the administration of UBNT units where the attacker is able to get full access to UBNT unit with Administrator rights. The bug concerns firmware versions 5.6.3 and lower. The bug was rectified in firmware version 5.6.4.

Currently, the bug allows a “worm” to attack all available UBNT units causing its spreading to other network units which get infected at once!

To defend your UBNT units against these attacks, you have to upgrade the firmware to version 5.6.4. However, you have to remove the “worm” from the unit prior to updating its firmware, failing which the new firmware might get damaged causing the unit to automatically restore factory settings which means you would need to re-set it.
Note: As the rumour goes, some of the units automatically restore their factory settings after 18 hours following the attack.

As a result of this, ISPadmin offers you a quick solution of the problem thanks to its new utility which is able to detect infected UBNT units and cure them automatically. In the current version, you have to run the utility from the command line under root rights.

Command line:

         /usr/local/script/ispadmin/ubnt_vulnerability_test.pl check            - Displays all infected UBNT units only
        /usr/local/script/ispadmin/ubnt_vulnerability_test.pl clean           - Displays all infected UBNT units and cures them

When the utility is run, all UBNT units in the system will be tested, and if the infection is found, the system will display information on vulnerability of units and cure them (if parameter “clean” is used).

In the upcoming version of ISPadmin we will include an automatic detection of the infected units upon login to the system.

ISPadmin Development Team