Security Release for airMAX, TOUGHSwitch, and airGateway Released

by Ubiquiti Employee on ‎07-17-2015 08:05 AM - last edited on ‎07-29-2015 12:58 PM by Ubiquiti Employee

Hi all,

We've just released a very important security release of the following products: 

 

  • airMAX v5.6.2
  • airMAX AC v7.1.3
  • TOUGHSwitch v1.3.2
  • airGateway v1.1.5

The primary change in these versions is a fix for a vulnerability that allows unauthenticated users to gain access to the device via HTTP(s). 

 

All previous versions are affected. 

 

It's highly recommended to upgrade to the latest versions as soon as possible. If you have any questions, feel free to open a new thread or send me an email (matt@ubnt.com).

 

For downloads and full release notes on these versions, please see:

https://downloads.ubnt.com

 

EDIT: We have released updated versions of 5.5.x with this security update. You can find these under "Past Firmware" section.

 

XM.v5.5.11.28002.150723.1344.bin

TI.v5.5.11.28002.150723.1518.bin

XW.v5.5.10-u2.28005.150723.1358.bin (XW units shipping with 5.5.11 will need to use 5.6.2+.  5.5.11 for XW is not patched)

 

For legacy airOS 4 devices. DOWNLOAD

XS5.ar2313.v4.0.4.5074.150724.1344.bin

XS2.ar2316.v4.0.4.5074.150724.1340.bin

 

 

 

NOTE: This vulnerability was reported via our Hacker Bug Bounty program under private disclosure. At this time we have no reason to believe there are any leaks of this information or known exploits. 

 

Thanks,
Matt