ubnt_logo_basic_flat_colorOver a year ago shackspace migrated its Wifi infrastructure to an all-Ubiquiti setup because our previous setup made up of consumer grade TP-Link access points was neither stable nor could it cope with enough clients to cover 30+ visitors to the space. We’ve decided to pick up a few UniFi access points and were really happy with the ease of installation as well as management capabilities.

However, this wouldn’t be a hackerspace if there wasn’t someone applying a bit more scrutiny than usual to the new toys.
In this case it was shackspace hacker momo who soon discovered a serious flaw in the UniFi controller management web interface.

After following the best practice of responsible disclosure, now, a year later, momo can talk about the details behind the issue.
A fix for the bug discovered has already made its way into updates quite a while ago so if you kept your infrastructure up to date, you’re already safe from that particular bug.

The bug in question allowed an attacker to forge a special DHCP hostname (e.g. containing HTML and Javascript code) and inject this information into the UniFi controller web interface where it was then executed.

The issue was assigned CVE-2013-3572 and was just now released. If you’re still running UniFi 2.3.5 or older, now’s a good time to update ;)

flattr this!



Urspünglich gepostet: Oktober 23rd, 2013
Tags: Allgemein

Reader's Comments

  1. Christian Frericks | Oktober 30th, 2013 at 10:10

    Die Anzahl der Clients hängt mit dem RAM zusammen, bzw. ob
    AirMax verwendet wird.
    Grob kann man sagen

    16Mb Ram ca. 30 Clients (Kein N-Draft, z.b. Picostation2)
    32Mb Ram ca. 60 Clients (Nanostation M2/M5, Nanostation Loco M2/M5 Loco, Bullet M2/M5)
    64Mb Ram ca. 120 Clients (Rocket M2/M5, PowerBridge M5)

    In meiner Freizeit repariere ich unteranderem Ubiquiti AP’s, habe noch über 30 defekte Ubiquiti AP’s,
    wenn Interesse besteht könnte ich dem Club Hardware zur Verfügung stellen.
    (Rocket’s, Nanostation’s uvm., z.Z. keine UniFi)

Leave a Comment