[SANOG] Ubiquiti AirOS/AirMax worm in the wild
regnauld at nsrc.org
Sun May 15 06:59:29 UTC 2016
Forwarding this from a colleague. The reference to the PHP exploit could
be related, but either way, it's happening now.
- - - -
I'm told that the local WISP operator community is dealing with a new
worm that exploits Ubiquiti AirOS devices running older firmwares.
This could potentially be a lot of devices.
has ISPs from Spain, Brasil, and the US reporting infections in the
last 24 hours.
Versions prior to these are vulnerable:
There looks to be some more information here:
If you know anyone who makes use of UBNT AirOS products, now might be
a time to give them a nudge.
 quote from the forums "It's a self-distributing virus, so, once it
can "see" neighbour antenas within the same subnet, it attacks the
- - - -
More information about the sanog