dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4282
share rss forum feed


treichhart

join:2006-12-12

1 recommendation

[Equipment] If anybody using Ubiquity Equipment you might want t

Hey Guys
If anybody in here using ubiquity equipment you might want to read this topic on there forum: »ubnt.com/forum/showthread.php?go···&t=45137


jcremin

join:2009-12-22
Siren, WI
kudos:2

1 edit

Re: [Equipment] If anybody using Ubiquity Equipment you might wa

Tim is right... check out that link. Major security hole. Basically anyone can get root access to your UBNT equipment without a username or password simply by accessing the device with a url formatted certain way. If you want to see it with your own eyes, go to the UBNT forum and you'll find a translated page where it shows you the format of the URL.



WHT

join:2010-03-26
Rosston, TX
kudos:5

1 edit
reply to treichhart

Google Translation

Google translated [ Link deleted ]

Two weeks ago we began to address the special behavior of our wireless routers, which are randomly restart. Our astonishment at dismay grew when I discovered that the routers are running processes that are not in the new facility and none of the team is not already installed there. And so we know Skynet virus.

Fortunately, the virus is not spread completely on all wireless routers, not so "perfect" is not, and to my life needs the following:

[ Portion deleted ]

The above devices are quite popular local Internet providers, so the virus affected or will affect quite a lot of people.
What causes the virus?

We managed to capture a few modifications, but they all have in common:

[ Portion deleted ]

Among other things, the virus causes random restarts the device, probably the exhaustion of free memory, but in a modified and targeted WiFi router reboots.

[ Portion deleted ]

The virus can be removed by logging into the device via ssh and type the following commands.

[ Portion deleted ]

The manufacturer of the error we already informed two weeks ago, but has not yet responded to our notice or appeal has not firmware (corrected AirOS module for lighttpd). Fortunately, thanks to the GPL license we have access to the source code, so we can build a custom firmware's past, which does not suffer from error.
Martin Kratochvil

Martin Kratochvil is a network administrator Skvely.net.

/edit Had to correct the Google translation URL
/edit To remove specific information


SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4

2 edits
reply to treichhart

Re: [Equipment] If anybody using Ubiquity Equipment you might wa

Click for full size
Stop spamming GoD#$a*mmi%t
Thanks for the warning, but since Uniquity continues to sell defective radios even after they know of the defects, I have switched to alternate products. Uniquity is a dying company that has run it's course and has already cashed in, but I will cherish their memories forever !

Edit - Added screenshot
--
Every breath you take, Every move you make, Every single day and Every word you say... I'll be watching you. - The Police.

voxframe

join:2010-08-02
reply to treichhart

Not happy at all about Ubnt trying to cover this shit up!!

Thanks for bringing it here since they won't deal with it publicly.


cooldude9919

join:2000-05-29
kudos:5
reply to treichhart

Scary stuff. Glad all of our ubnt stuff is on private ip ranges.



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2

Mine aren't.

New firewall rule in place for the time being...
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca



WHT

join:2010-03-26
Rosston, TX
kudos:5

1 edit
reply to voxframe

said by voxframe:

Not happy at all about Ubnt trying to cover this shit up!! ... Thanks for bringing it here since they won't deal with it publicly.

OP said it was reported two weeks ago.

Anyway, I backed up all six pages of the thread up 5 AM Central time.


matthardy
Premium
join:2007-01-23
Atlanta, GA
kudos:2
reply to treichhart

Hi all,
We just were made aware of this issue late last night / this morning. We are working hard to release a fix today.

We're not trying to hide that an issue exists, just to keep the specifics of the issue (i.e. exactly how to reproduce -- post 3 above) at a minimum to try to keep that information out of the wrong hands.

We'll provide an update on our forum soon with fix information soon.

-Matt



WHT

join:2010-03-26
Rosston, TX
kudos:5

Deleted the details from my post #3



orso

@rainside.sk
reply to WHT

I have today compiled from sdk for nanostation M5 , cleared admin.cgi and add rules to lighttpd.conf , it seems as usable build, test it
»www.orso.sk/nanostationm5/XM.v5.···1130.bin


DRIVE71

join:2005-06-08
reply to treichhart

I've always had firewall rules in place on the main router. I didn't like all the SSH attempts etc going over the network. But what about our customers? They can see their own radio. Should we enable firewall rules on the CPE? It will make things harder to set up though



treichhart

join:2006-12-12
reply to treichhart

They have released the updated security firmware:

»ubnt.com/forum/showthread.php?p=···st236171


Airnode

join:2006-09-01
Germany

found it on 2 devices in my net removed it and updated security firmware done..how ever updated all others too. Thanks UBNT for the fast reaktion.

all good and fine so far but what i really wonder about is
why in the world place executable cgi's in the main www folder instead of a symlink called from a corospondig http content back to a main.cgi ore what ever you want in a other not directly accessible folder?


spectrumhead

join:2009-05-03
reply to SipSizzurp

said by SipSizzurp:

Thanks for the warning, but since Uniquity continues to sell defective radios even after they know of the defects, I have switched to alternate products. Uniquity is a dying company that has run it's course and has already cashed in, but I will cherish their memories forever !

Edit - Added screenshot

Would you mind explaining in detail on how ubnt is a dying company and which radios are defective that you are speculating about ?


treichhart

join:2006-12-12
reply to treichhart

Yea I want that answer also. I think Ubnt is going to continue to be a power house on making products for WISP's.


jdmarti1
Jack

join:2004-06-15
Oilton, OK

1 recommendation

reply to SipSizzurp

said by SipSizzurp:

Thanks for the warning, but since Uniquity continues to sell defective radios even after they know of the defects, I have switched to alternate products. Uniquity is a dying company that has run it's course and has already cashed in, but I will cherish their memories forever !

Edit - Added screenshot

I am really confused by this one too. UBNT was informed of a flaw, and immediately resolved the issue. UBNT has always been pretty straightforward in my experiences when they had an issue. If they are dying - I would say we are all screwed, cuz they have made the ROI much better for many of us. They have also made other competitors have to work much harder to earn our business.
--
»magicwisp.com

wolfcreek

join:2003-12-02
Pagosa Springs, CO

1 recommendation

reply to SipSizzurp

We have not received anymore defective radios from Ubiquiti than any other company. We have over 600 of these deployed and have little or no issues with them. Please explain what problems you are having

By the way Ubiquiti is publicly traded and seems to be profitable


soportec
Premium
join:2006-01-06
reply to treichhart

a friend of mine showed me that url in the ubiquiti a few months ago when i was trying to figure out some scripting and stuff and i saw were i could reboot the devices, add scripts and stuff without even knowing the password. I didnt think about someone using it as a virus spreader. I guess I was wrong. But seeing how that has been there for a couple years already it is a wonder it was just now exploited.
--
HONDURAS WISP NANO2 Clusters With 5.8 MT-Ubnt Backhauls to 11 towns


pacmanfan
Premium
join:2003-11-22
Mansfield, MO
reply to spectrumhead

said by spectrumhead:

Would you mind explaining in detail on how ubnt is a dying company and which radios are defective that you are speculating about ?

Perhaps he's referring to the Loco/Nanobridge M2 units with low Rx strength. As far as I know, new stock from distros continues to have the bug. Doesn't mean UBNT is dying, though!!
--
"thats what i need, a digi cam for when i need to take pictures. im not going to go around taking photos and stuff." Julio


DaDawgs
Premium
join:2010-08-02
Deltaville, VA

1 edit
reply to treichhart

Very satisfying to see they have patched the firmware already.


rtrice81

join:2010-01-05
reply to treichhart

if anyone wants to sell their used ubnt gear, let me know as its all junk now and i am looking to scrap it



WHT

join:2010-03-26
Rosston, TX
kudos:5

If they want to sell it, would that not imply you want to buy it? Why buy anything if you're going to junk it?


thewisperer
Premium
join:2008-01-16
reply to treichhart

J: I thought he was joking: any snow in Texas: none in Ottawa

Is that why no other versions than the new one is available on the ubnt site?



WHT

join:2010-03-26
Rosston, TX
kudos:5

It's snowing in the county west of me. Light snow off and on up on my farm in Oklahoma.

If it snows here in Texas tonight, it will be the first time I've ever seen more than a quarter inch of snow. And it will be especially cool because it's Brian's birthday Sunday morning.



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2

said by WHT:

It's snowing in the county west of me. Light snow off and on up on my farm in Oklahoma.

If it snows here in Texas tonight, it will be the first time I've ever seen more than a quarter inch of snow.

I live in Canada and have yet to see a 1/4 inch of snow this year. Very rare. Its very depressing. Cant ski on the grass
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca

jcremin

join:2009-12-22
Siren, WI
kudos:2

said by Inssomniak:

said by WHT:

It's snowing in the county west of me. Light snow off and on up on my farm in Oklahoma.

If it snows here in Texas tonight, it will be the first time I've ever seen more than a quarter inch of snow.

I live in Canada and have yet to see a 1/4 inch of snow this year. Very rare. Its very depressing. Cant ski on the grass

We have maybe in inch where I'm at in Wisconsin it will probably be all melted in the next few days... very unusual.


treichhart

join:2006-12-12
reply to treichhart

Well I am in ohio and yet seen 3inches + and we are almost in January you can thank global warming for this.

Most we had in dec was about 2inches and that was maybe second week of dec then it melted all the way then we had noting but freaking rain we had close to 60 inches of rain for the month of dec.