Vulnerability Disclosed in Ubquiti Networks Admin Interface | Threatpost

Security
Written By Thomas Fraley

The command injection flaw exposes the Ubiquiti admin interface to a number of risky attacks, SEC Consult said. For example, an attacker could connect to a vulnerable device by opening a port binding or reverse shell, and also change the password because the service runs as root. “The vulnerability can be exploited by luring an attacked user to click on a crafted link or just surf on a malicious website,” SEC Consult said in its advisory. “The whole attack can be performed via a single GET-request and is very simple since there is no CSRF protection.”

Thomas Fraley
I am a tech enthusiast whose main focus is making technology easy again for everyone. Educated with degrees in network engineering and project management. I've worked in the entertainment industry for a decade as a director of information technology for global companies pioneering the way. A few years ago I decided to give back and have been helping young entrepreneur startups off on the right foot.
www.lifewithtech.net
Previous

Apple just did a very un-Apple thing: It admitted it needs to re-think its high-end Macs | Recode
Next

Hackers Threaten to Remotely Wipe 300 Million iPhones Unless Apple Pays Ransom | The Hacker News