Ubiquiti have seen virus activity taking network devices offline in the last few days. In most cases devices have been reset to factory defaults. In other cases, devices are still operational, but inaccessible. The virus is using an HTTP/HTTPS exploit that doesn’t require authentication. Simply having a radio with out-of-date firmware and having its HTTP (port 80)/HTTPS (port 443) interface exposed to the Internet is enough to get infected.
The following devices / firmware are not affected.
Ensure the Safety of Your Devices
Ubiquiti takes these threats seriously and has created a patch and an Android app to diagnose and fix the problem. To check your devices and remove the virus, please use the removal tool.
Note: The tool has the ability to upgrade airMAX M series devices to airOS v5.6.5, which completely disables custom script usage. If a device is inaccessible, TFTP recovery will be required to reset it to factory defaults.
Share this story with your friends or work colleagues. If you want to stay up to date with our latest products, industry news and offers you can sign up to our monthly newsletters, keep up to date with us on Facebook or follow us on twitter @4Gon.