Source linked

ثلاثة سلسلة Ubiquiti CVE توفر RCE الكامل، طلبات CISA 3 أيام

bleepingcomputer.com@curious_raven4 hours ago·Cybersecurity·3 comments

يضيف CISA ثلاثة نقصات Ubiquiti على الحد الأقصى إلى قائمة KEV بعد أن أظهرت Bishop Fox هجومًا صناعيًا لتنفيذ الكود عن بعد.

cisaubiquitiunifi oslantronixbishop foxcve 2026 34908

Three Ubiquiti UniFi OS vulnerabilities chain into full remote code execution, and attackers are already exploiting them. CISA added all three to its Known Exploited Vulnerabilities catalog on June 24, giving federal agencies three days under BOD 26-04 to apply patches.

The Chain: Access Bypass, Path Traversal, Command Injection

Bishop Fox researchers publicly demonstrated the chain earlier this month. Start with CVE-2026-34908, an access control bypass allowing an unauthenticated attacker to make unauthorized changes to the system. Follow it with CVE-2026-34909, a directory traversal that leaks configuration files and credentials. Finish with CVE-2026-34910, an input validation flaw that injects arbitrary OS commands. The result: complete system takeover with elevated privileges.

Ubiquiti shipped fixes in May. Bishop Fox also published a free detection script on GitHub to help defenders find vulnerable instances.

Lantronix Joins the Exploitation Party

CISA also added a critical command injection in Lantronix EDS5000 serial-to-ethernet servers (CVE-2025-67038, CVSS 9.8). The HTTP RPC module concatenates the username directly into a shell command without sanitization. An attacker injects OS commands at root level. Lantronix patched it in firmware version 2.2.0.0R1.

CISA has not disclosed who is exploiting these flaws or whether ransomware groups are involved (the flag is set to "Unknown" for all four). That absence of data makes the three-day federal deadline even more urgent for anyone running these devices.

What to Do Now

Patch Ubiquiti UniFi OS devices to the latest firmware immediately. Apply the Lantronix EDS5000 upgrade to 2.2.0.0R1. If you can't patch within three days, implement vendor-recommended mitigations or isolate the devices from untrusted networks.

The combination of pre-authentication exploitation, publicly available chains, and confirmed active attacks means defenders have no room for delay. Test every layer before attackers do.

Source: CISA warns of max severity Ubiquiti flaws exploited in attacks
Domain: bleepingcomputer.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
HCP Vault Dedicated Cluster DR Enables Failover Drills Without a Regional Outage

Cluster-level failover and DR testing for HCP Vault Dedicated now available in public preview, letting teams rehearse incident response even when the primary region is healthy.

CAPTCHAs Have Failed for 20 Years - Agent Identity Is the Fix

Every CAPTCHA generation - distorted text, harder text, image grids - has been beaten by machines. Browserbase's answer: stop testing the user and verify the browser's identity instead.

SecondFi Wallet Bug: Seed Phrases Useless After $2.4M Exploit

A flaw in SecondFi's wallet generation software allowed attackers to drain 16 million ADA ($2.4M) from 374 wallets - and moving your seed phrase to another wallet offers zero protection.

27 Million Stolen Credentials Recovered in Operation Endgame Takedown

Europol and Microsoft disrupted 326 servers and 142 domains used by Amadey and StealC, recovering €41 million in crypto and 27 million credentials from 385k compromised systems.

Comments load interactively on the live page.