BleepingComputer reported this week that CISA has added three Ubiquiti UniFi vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, meaning hackers are actively exploiting them right now.
These three matter together: one lets an attacker break in without a password, one exposes saved credentials and config files, and one lets them run commands on the device directly. Security researchers found that an attacker can chain all three to take full control of a vulnerable device with no login required.
Ubiquiti released a fix back in May; however, many devices are still running the old firmware and remain vulnerable.
None of our managed environments use UniFi devices, so if you are a managed IT client of ours, this threat doesn’t affect the infrastructure we support for you.
You can read the original article here: “CISA warns of max severity Ubiquiti flaws exploited in attacks.”

