×

Warning

JUser: :_load: Unable to load user with ID: 43

JUser: :_load: Unable to load user with ID: 40

UBIQUITI - Security bug

Detecting and removing

router ubnt
Reacting to the revealed vulnerability, we released ISPadmin, version 4.20, which included a utility for detecting and curing infected Ubiquiti units. Due to the emergency situation we released the very first version of the utility quickly.

Now we are presenting the utility with enhanced functionalities.

alert icon Run the utility from ISPadmin console (connected via SSH) under root user, ISPadmin does not detect anything automatically!

/usr/local/script/ispadmin/ubnt_vulnerability_test.pl

 

When running the utility without any parameter, help is displayed.

terminal help

 

Check devices from ISP admin bookmark ROUTERS
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl check <username> <username2> <username3> <username4> <username5> - show ONLY vulnerable and infected ROUTERS ( AP )


Tests all Ubiquiti units inserted in Hardware Routers. If you run this command, the system tries to attack the unit, and if it succeeds, the console displays information with IP address and firmware version. If the system succeeds in connecting to Ubiquiti unit, it tries to determine whether there is the virus or not. If yes, it displays such information in the console. Nothing else. When 10 units are tested, a dot appears on the screen to show you that the script is still running and testing other units.


Check devices like AP ....( may take a long time )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl checkdevices <username> <username2> <username3> <username4> <username5>
  - show ONLY vulnerable and infected devices ( Acces points )


Tests all devices inserted as “Device attached to device” in Hardware Routers. In this case, the utility doesn´t care about device type since such information might not be available here. The utility tries to attack all IP addresses. If there are a lot of devices in your system, this might take a long time.

Check END USER devices ....( may take a long time )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl checkusers <username> <username2> <username3> <username4> <username5>
    - show ONLY vulnerable and infected client end device


Tests all IP addresses assigned to clients. The system tests all client-assigned IP addresses for it does not know whether a client has Ubiquiti device, or not. This operation might take a long time, since all IP addresses in the system are tested.

Clean INFECTED devices ( from previous check )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl cleaninfected
   - show vulnerable and infected devices and  REMOVE infection


If an infected unit is detected in the previous step, you may clean it this way. This operation connects to and cleans just those units, which are marked as infected. It means that prior to this step you have to run the utility with parameters check, checkdevices, or checkusers. Failing this no units are marked as infected and using parameter “cleaninfected” makes no difference.

 

terminal

A mandatory parameters are: check, checkdevices, checkusers, or cleaninfected. You may use user names, which you use for login to Ubiquiti units as an optional parameter. This is needed in cases when a key is stored in Ubiquiti unit after being attacked to enable login via ssh without password. You need to know the user name with which you connect to the system. If unknown, you won´t be able to connect. While running the vulnerability test, a default user name ubnt and user admin are tested. If you use neither of these, the script won´t be able to test vulnerability hence the need for entering a different username used for accessing the unit (no need for password). Then the system will try using these usernames.

 

Listing of UBNT units in ISPadmin

When you log into ISPadmin, you will see information about Vulnerability of UBNT devices:

ubnt upozorneni

 

In Other Tools > Vulnerability of UBNT devices, you will find a tool for displaying vulnerable devices as detected by the utility - see above.

ubnt seznam

 

alert icon Check the box at the end of each row (or check all, or you may use reversed selection) to select those devices, for which you want the system to update firmware - by clicking on on the bottom.

System Variables

Read more ... (index.php?option=com_content&view=article&id=1380&...

System security of ISPadmin

1. ISPADMIN 1.1 SettingsSyst. settingsSecurity Click on Enable Maximum sec...

No permission for adding overpayment into client´s credit

If you are trying to add overpayment, and see Permission denied message you h...

SNMP template setup

Add - Add device (index.php?option=com_content view=article id=1320:add-devic...

Google Maps setup

Get API key You have to get an API key in order to be able to start using Go...

SMS gateway setup

ISPadmin system supports sending and receiving of SMS messages through a cell ph...

Some of system bookmarks are not displayed

This often happens if you change administrator account parameters in Settings ...

Rate exponent

ISPadmin multiplies speeds defined in tariff setup (index.php?option=com_cont...

How to create system administrators for ISPadmin

Add/control administrator accounts in Client card / History (index.php?option=co...

Is it possible to set a specific speed for IPTV service?

No, it is not possible. You cannot set up special speed profiles for the IPTV...

How to set the description of a pending item on an invoice

Go to Settings Syst. settings Inventory. In the Description of pending items ...

How to set the invoicing period for the VoIP service

In Settings Syst. settings General in the voip_offset item, you can state tha...

Contract templates

You can create your own contract templates in system variables (index.php?option...

Expiring contracts

Fixed-term contracts only Settings Other E-mail: Create a template an...

«
»

CONTACT

NET service solution, s.r.o.
Žerotínova 3056/81a
787 01 Šumperk
Czech Republic