Active Exploitation of Vulnerability in Ubiquiti airOS Devices
Date: 20 May 2016
The purpose of this alert is to bring attention to a disclosed vulnerability in Ubiquiti airOS devices that is being actively exploited.
CCIRC is aware of attacks exploiting a critical vulnerability in Ubiquiti airOS. A patch addressing this vulnerability was released by Ubiquiti in 2015.
Unauthenticated access to a vulnerable airOS device's HTTP/HTTPS web interface (generally enabled by default) is required for exploitation. Devices with this web interface accessible from the internet are especially susceptible to exploitation, however it appears that exploited devices are able to compromise other vulnerable devices within the same network.
Exploitation of this vulnerability could allow an attacker to have root privilege on a device.
airMAX M (including airRouter)
Due to the potential risk presented by this vulnerability, CCIRC recommends that system administrators scan their infrastructure for potentially vulnerable systems and follow the vendor recommendations outlined in their Security Notice.
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note, CCIRC PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
- Date modified: