[Ninux-Wireless] IMPORTANT INORMATION - AirOS Security Exploit -- Updated Firmware

OCBexpress (Valer;o) ocbexpress a gmail.com
Mar 20 Dic 2011 14:23:22 CET

Buone notizie per chi vuole divertirsi con i buchi di sicurezza :/

---------- Forwarded message ----------

Dear customers,

We contact you in order to inform that a very important vulneability has
been detected on the Ubiquiti Networks devices

(NanoStation, Loco, Bullet, Nanobridge, Powerbridge, Powerstation,
Picostation, etc ...) with the following firmware versions:

    802.11 products - AirOS v3.6.1/v4.0 (previous versions are not affected)
    AirMax products- AirOS v5.x (all versions)

This vulnerability allows access to the computer without a password and a
virus called Skynet can be installed in the Ubiquiti

machine, this virus acts sending messages on the traffic generated through
the port: 80 (http://), redirecting traffic to certain websites

and saturating wireless device memory, which causes unexpected reboots.

How is the virus?

The virus is a Linux script that is installed in a hidden directory and
after a reboot, begins to act.

How to detect if your computer is infected Ubiquiti?

Try opening the page http://wxyx/admin.cgi (where wxyz is the IP address of

If the page does not open, the computer has been infected since the virus
renames it adm.cgi

How do if my computer IS NOT INFECTED?

Immediately update their firmware version Ubiquiti equipment, you can
download the lastest firmware versions that have eliminated

the vulnerability at the following address:


How to proceed if my computer IS INFECTED?

There are three options:

1) Ubiquiti has pledged to launch within 24 hours, a tool to eliminate the
virus in an easy and fast way.
2) Reset the computer to "factory defaults" and then upgrade the firmware
3) Remove the script Skynet manually following the instructions detailed

Access to the computer via SSH and run the following commands:

rm / etc / persistent / rc.poststart
rm-rf. skynet

After removing the script skynet (virus) using the procedure, proceed to
ename the file adm.cgi to the original admin.cgi and upgrade the firmware
to the latest available to the team at the following address:


More information Ubqiuiti forum:

-------------- parte successiva --------------
Un allegato HTML รจ stato rimosso...
URL: <http://ml.ninux.org/pipermail/wireless/attachments/20111220/0a99b2d4/attachment-0001.html>

Maggiori informazioni sulla lista Wireless