CZE flag SVK flag ENG flag USA flag GER flag FRA flag SPA flag ITA flag HUN flag ROM flag BOH flag SRB flag HRV flag XMN flag
Product Search
You are here: / Addressing Security Concerns All prices without VAT 

Addressing Security Concerns

 

Important i4wifi security warning



Addressing Security Concerns

Ubiquiti take network security very seriously and has fixed the authenticated command injection vulnerability for all affected products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the firmware for your devices. UniFi®, EdgeMAX®, and AmpliFi™ products are not affected.

While Ubiquiti acknowledge that all vulnerabilities are serious, they believe this issue rates fairly low in terms of threat severity, because it requires being authenticated to the management web interface, or tricking an authenticated administrator into opening a targeted, crafted URL in the browser where they are logged in to the affected device. Ubiquiti strongly backs our security measures:

  • Dedicated Security Director focused 100% on Ubiquiti® software vulnerabilities and supported by a strong group of engineers

  • Participation in third-party vulnerability assessment programs such as HackerOne, where we have given out substantial rewards

  • Significant investment retaining third-party external security audit company to review our software solutions frequently


Ubiquiti are currently addressing the php2 code concern, which will be eliminated from applicable code bases within the next few weeks.

  ***

Latest Firmware Updates

Ubiquiti has updated the firmware for the affected devices. Please update the firmware of your devices to the version listed here:



DEVICES

USE FIRMWARE

airMAX M

v6.0.1 or later

airMAX AC

v8.0.1 or later

TOUGHSwitch

v1.3.4 or later

airGateway

v1.1.8 or later

airFiber

v3.2.2 or later

airFiber X

v3.2.2 or later

airFiber 4X

v3.4.1 or later

airFiber 11X

v3.6.1 or later