Legacy and AF5x still infected


  • F
    Beta Testers

    Dear UBNT Support

    we have probably 200 to 300 infected devices on our network (total 1.000 users)

    tonight we were able to remove the malware from a first PowerBeam M5-300, using the new tool version 0.8:

    http://www.ubnt.com/downloads/XN-fw-internal/tools/CureMalware-0.8.jar

    (and prior to that, a factory reset, which worked)

    the customer got his cpe back at midnight and has already reinstalled it

    Questions:

    a) which tool can we use for cleanup of a legacy Bullet5?

    we fear we have >80 infected Bullet5 and also maybe 20 Nanostation5 (same firmware if I remember right)

    The Nanostation5 was the breakthrough product that convinced us in 2008 to start deploying Ubiquiti cpes. We still have hundred pieces on net.

    I also think that with older Bullet5 and Nanostation5, the POE PSU reset button is not recognized, it was a newer feature, so we have to climb on each customer's roof, that could be a real nightmare!

    b) which tool can we use for cleanup of an AirFiber5x?

    we have two infected AF5x too

    none of them is answering to a local ping or a local ssh access attempt, both link sides are affected, neither on the assigned IP nor on the factory IP (192.168.1.20), no answer at all

    on the 24V high-power AF5x POE PSU I can't see a factory reset button; should we climb on two towers for that? or could we use a standard 24V 1A Gigabit POE PSU with reset button, and the AF5x will recognize the remote reset?

    behind that nonworking AF5x link (not exposed to Internet, but still infected, even if NO other device on that subnet is infected, that's really strange I think) we have 50 clients; when the link works again, we will know how many of those customers are working and how many are infected.

    Thank you for your advice.

    Best regards

    Francesco


  • Ubiquiti Employee

    Sending you an email


  • C
    Beta Testers

    Hi. It seems we are experiencing similar problems with our AF5 and AF5X. Can I get that email as well?


  • H
    Beta Testers

    Email me as well. Same issue.


  • T
    Beta Testers

    @UBNT-James we have a few NSM5's that are affected as well.  I'd appreciate an email.  In particular, I'd like to know the attack vector used.

