[Community] Fwd: [afnog] Ubiquiti AirOS/AirMax worm in the wild

Omo Oaiya Omo.Oaiya at wacren.net
Sun May 15 10:21:47 GMT 2016


For those that run Ubiquity

-Omo
---------- Forwarded message ----------
From: "Phil Regnauld" <regnauld at nsrc.org>
Date: 15 May 2016 7:59 a.m.
Subject: [afnog] Ubiquiti AirOS/AirMax worm in the wild
To: <afnog at afnog.org>
Cc:

Forwarding this from a colleague. The reference to the PHP exploit could
> be related, but either way, it's happening now.
>
> - - - -
>
> I'm told that the local WISP operator community is dealing with a new
> worm[1] that exploits Ubiquiti AirOS devices running older firmwares.
> This could potentially be a lot of devices.
>
>
> http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
> has ISPs from Spain, Brasil, and the US reporting infections in the
> last 24 hours.
>
> Versions prior to these are vulnerable:
>
> 5.5.11 XM/TI.
> 5.5.10u2 XW
> 5.6.2 XW/XM/TI
>
> There looks to be some more information here:
> https://hackerone.com/reports/73491
>
> If you know anyone who makes use of UBNT AirOS products, now might be
> a time to give them a nudge.
>
>
> [1] quote from the forums "It's a self-distributing virus, so, once it
> can "see" neighbour antenas within the same subnet, it attacks the
> others."
>
> - - - -
>
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wacren.net/mailman/private/community/attachments/20160515/0b836255/attachment.html>


More information about the Community mailing list