Jump to content
Калькуляторы

пора обновить firmware доступен exploit

title: Authenticated Command Injection

product: Multiple Ubiquiti Networks products, e.g.

TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16,

AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M,

AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti,

BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5,

locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22,

NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365,

NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP,

Power AP N

vulnerable version: v1.3.3 (SW), v5.6.9/v6.0 (XM)

 

 

Share this post


Link to post
Share on other sites

Есть общее решение - ip-адреса устройств должны быть в отдельном влане, и недоступны из публичных сетей.

Share this post


Link to post
Share on other sites

Так, а на какую версию обновлять?

6.0.1 ?

Edited by TTvs

Share this post


Link to post
Share on other sites

command injection может эксплуатировать только авторизованный пользователь!!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this