Ubiquiti EdgeRouter Vulnerability has a PoC exploit which can be weaponized
Take action: If you are using Ubiquiti devices or anything running an Open Source network Operating System, plan your next patch schedule. Yes, the attacker needs to be on the LAN in order to compromise the router, but are you quite certain that all endpoints connecting to your LAN don't carry malware which can scan and identify vulnerable network devices?
Learn More
Ubiquiti EdgeRouter and AirCube devices have a recently patched vulnerability, tracked as CVE-2023-31998. The vulnerability could be exploited to execute arbitrary code.
The vulnerability, described as a heap overflow vulnerability, can be leveraged over a LAN connection, allowing attackers to potentially interrupt UPnP service on vulnerable devices.
The vulnerability resides in the MiniUPnPd service, and LAN attackers can exploit it to overflow an internal heap and execute arbitrary code.
Proof-of-concept code targeting the issue is available, primarily focusing on Ubiquiti EdgeRouterX devices.
While the issue has been resolved in MiniUPnPd, other products relying on MiniUPnPd or router distributions may still ship with vulnerable versions. Products relying either directly on upstream MiniUPnPd, or on router distribution such as OpenWrt, VyOS or DD-WRT still ship today with vulnerable MiniUPnPd.
Ubiquiti has released software updates for affected UPnP-enabled EdgeRouter (firmware version 2.0.9-hotfix.7) and AirCube (firmware version 2.8.9).
