Ubiquiti firmware update failure
This vulnerability lies in the firmware update process. Firmware updates matter on any device, particularly one connected to the network, so users should apply them as soon as they are available. In this case, however, the flaw lets a Man-in-the-Middle attacker slip in a malicious firmware image, built to attack the device, at the moment the device updates automatically. The vulnerability was registered as CVE-2021-22909 / ZDI-21-601.
It was security researcher awxylitol who spotted this problem and promptly reported it. The flaw allows, through an operational command, the addition of a system image that can then be used for the update. On the Ubiquiti EdgeRouter, the template system used for this is provided by vyatta-op.
The command, which can be seen on GitHub, is what triggers the firmware update. Specifically, it checks with a Ubiquiti server for the latest firmware version and the download address, and adds the new image whenever something new is available.
However, the error logged as ZDI-21-601 lets an attacker use a self-signed certificate and spoof the download domain. This raises no alert of any kind on the device, so the user would have no way of knowing that they are installing firmware that has been maliciously modified.
Therefore, if a hypothetical attacker carried out a Man-in-the-Middle attack, they could impersonate the official domain fw-download.ubnt.com used to update Ubiquiti firmware and actually serve malicious firmware instead.
Normally, attackers would need a valid certificate together with its private key, something they could obtain by compromising the device or by acquiring a certificate for that domain. This flaw, however, makes the attack possible without that domain certificate. It all comes down to the lack of authentication of the firmware binary. It is always important to look out for network vulnerabilities.
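As an added example (not code from the article, nor Ubiquiti's updater), the following Python sketch shows the two checks a firmware updater needs in order to defeat this kind of substitution: a TLS context that rejects unverifiable certificates for the download host, and authentication of the downloaded binary against a release manifest before anything is flashed. The image bytes and manifest are constructed for the demo, and the manifest is assumed to have been obtained over a verified channel or to be vendor-signed (signature checking itself is not shown).

```python
import hashlib
import hmac
import ssl

# Constructed sample firmware image and release manifest (not Ubiquiti data).
SAMPLE_IMAGE = b"\x7fELF-like firmware payload, constructed for this example"
SAMPLE_MANIFEST = {
    "version": "2.0.9-hotfix.1",  # version string taken from the article
    "size": len(SAMPLE_IMAGE),
    "sha256": hashlib.sha256(SAMPLE_IMAGE).hexdigest(),
}


def strict_update_context(ca_bundle=None):
    """TLS context an updater should use: CA-verified chain plus hostname check.
    A self-signed certificate for the download host is rejected by this context,
    which is exactly the property the flawed updater lacked."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def insecure_context():
    """The weak setting, shown beside the corrected one so it can be audited:
    no chain verification and no hostname check means any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def accepts_self_signed(ctx):
    """True if a context would accept an unverifiable (e.g. self-signed) peer cert."""
    return ctx.verify_mode == ssl.CERT_NONE or not ctx.check_hostname


def verify_firmware_image(image, manifest):
    """Authenticate the downloaded binary against the manifest before flashing.
    Size is checked first (cheap), then the digest with a constant-time compare."""
    if len(image) != manifest["size"]:
        return False
    digest = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(digest, manifest["sha256"])


def stage_update(image, manifest):
    """Return the version to install, or None when the image must be rejected."""
    if not verify_firmware_image(image, manifest):
        return None
    return manifest["version"]
```

Running `stage_update(SAMPLE_IMAGE, SAMPLE_MANIFEST)` yields the manifest version, while any altered or truncated image yields `None` and must not be flashed.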
Ubiquiti has fixed this error in its security update v2.0.9-hotfix.1. For this reason, it is always important to check whether there are new versions and patches that can be applied to our systems or devices, so that problems that arise can be corrected. In this way the error CVE-2021-22909 / ZDI-21-601 can be fixed. Full details of this vulnerability are available for consultation.
An interesting way to avoid this error, however, is to download the firmware file manually rather than relying on the automatic update. As we have seen, an attacker could count precisely on the automatic installation to sneak in maliciously modified firmware.