AI Security AI安全 2d ago Updated 2d ago 更新于 2天前 46

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS Ubiquiti 修复 UniFi Connect、Talk、Access、Protect 和 OS 中的关键漏洞

Ubiquiti released urgent patches for critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, addressing risks of privilege escalation and arbitrary command execution. High-severity flaws include a CVSS 10.0 command injection in UniFi Connect, authenticated SQL injection in UniFi Talk, and SSRF in UniFi Protect, all fixable via immediate software updates. Although these specific flaws show no active exploitation, CISA flagged related UniFi OS vulnerabilities as weaponized in Ubiquiti发布紧急安全更新,修复了UniFi Connect、Talk、Access、Protect及OS中的多个高危漏洞,涉及命令注入、SQL注入、SSRF及权限提升。 关键漏洞CVE-2026-50746评分高达10.0,允许网络访问者执行主机命令注入;其他多个漏洞评分在9.0至9.9之间,风险极高。 尽管未发现当前列出的漏洞被利用,但CISA已确认此前存在的UniFi OS漏洞已被武器化,且俄罗斯国家支持的黑客曾利用Edge OS路由器组建僵尸网络。 受影响产品包括UniFi Connect (v3.4.20+)、UniFi Talk (v5.2.2+)、UniFi Access

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Ubiquiti released urgent patches for critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, addressing risks of privilege escalation and arbitrary command execution.
  • High-severity flaws include a CVSS 10.0 command injection in UniFi Connect, authenticated SQL injection in UniFi Talk, and SSRF in UniFi Protect, all fixable via immediate software updates.
  • Although these specific flaws show no active exploitation, CISA flagged related UniFi OS vulnerabilities as weaponized in the wild, and historical context includes Russian state-sponsored actors using compromised hardware for botnets.

Why It Matters

This update is critical for organizations relying on Ubiquiti’s ecosystem for network infrastructure, as unpatched systems are susceptible to complete compromise through command injection and privilege escalation. The presence of weaponized vulnerabilities in similar components highlights an active threat landscape where IoT and networking gear are increasingly targeted by sophisticated actors, necessitating immediate remediation to prevent lateral movement within corporate networks.

Technical Details

  • UniFi Connect (CVE-2026-50746): Improper access control allowing command injection; CVSS 10.0. Fixed in version 3.4.20.
  • UniFi Talk (CVE-2026-50747): Authenticated SQL injection leading to privilege escalation; CVSS 9.9. Fixed in version 5.2.2.
  • UniFi Access (CVE-2026-50748 & CVE-2026-54400): Command injection via improper input validation (CVSS 9.9) and privilege escalation via improper access control (CVSS 9.1). Both fixed in version 4.2.29.
  • UniFi Protect (CVE-2026-55115): SSRF allowing low-privilege users to escalate privileges; CVSS 9.9. Fixed in version 7.1.83.
  • UniFi OS (CVE-2026-54402 & CVE-2026-55116): Command injection via input validation errors (CVSS 9.9) and unauthorized device changes via access control flaws (CVSS 9.0). Both fixed in version 5.1.19.

Industry Insight

  • Immediate Patching Priority: Administrators must prioritize updating all UniFi components to the specified versions, as the high CVSS scores indicate easy exploitability for attackers with network access.
  • Supply Chain Vigilance: The reference to CISA-flagged weaponized vulnerabilities suggests that attackers are actively probing for known weaknesses in popular networking hardware; maintaining strict version control and monitoring for new CVEs is essential.
  • Network Segmentation: Given the risk of privilege escalation from low-privilege accounts, enforcing strict network segmentation between IoT devices and core infrastructure remains a vital defense-in-depth strategy.

TL;DR

  • Ubiquiti发布紧急安全更新,修复了UniFi Connect、Talk、Access、Protect及OS中的多个高危漏洞,涉及命令注入、SQL注入、SSRF及权限提升。
  • 关键漏洞CVE-2026-50746评分高达10.0,允许网络访问者执行主机命令注入;其他多个漏洞评分在9.0至9.9之间,风险极高。
  • 尽管未发现当前列出的漏洞被利用,但CISA已确认此前存在的UniFi OS漏洞已被武器化,且俄罗斯国家支持的黑客曾利用Edge OS路由器组建僵尸网络。
  • 受影响产品包括UniFi Connect (v3.4.20+)、UniFi Talk (v5.2.2+)、UniFi Access (v4.2.29+)、UniFi Protect (v7.1.83+)及UniFi OS (v5.1.19+),用户需立即升级。

为什么值得看

对于依赖Ubiquiti生态系统的企业IT和安全团队而言,此次批量高危漏洞修复至关重要,因为攻击面覆盖了从网络接入到物理安防的多个核心组件。文章揭示了物联网/网络设备作为僵尸网络跳板的现实威胁,强调了及时修补和版本管理在零信任架构中的基础地位。

技术解析

  • 漏洞类型与严重性:本次修复涵盖多种经典Web/API漏洞。包括不正确的访问控制(导致权限提升)、不正确的输入验证(导致命令注入)、认证SQL注入以及服务器端请求伪造(SSRF)。CVSS评分普遍在9.0以上,其中CVE-2026-50746为满分10.0,表明无需认证即可通过命令注入完全控制主机。
  • 受影响组件与版本
    • UniFi Connect: 影响v3.4.16及更早版本,修复至v3.4.20。
    • UniFi Talk: 影响v5.1.2及更早版本,修复至v5.2.2。
    • UniFi Access: 影响v4.2.28及更早版本,修复至v4.2.29。
    • UniFi Protect: 影响v7.1.77及更早版本,修复至v7.1.83。
    • UniFi OS: 影响v5.1.15及更早版本,修复至v5.1.19。
  • 威胁情报背景:虽然本次列出的新漏洞尚无野外利用证据,但CISA指出此前三个UniFi OS漏洞(CVE-2026-34908/9/10)已在真实攻击中被武器化。此外,历史上俄罗斯APT组织曾利用Edge OS路由器组建名为MooBot的僵尸网络进行恶意流量代理,凸显了底层固件安全的长期风险。

行业启示

  • 供应链安全与第三方依赖风险:Ubiquiti作为广泛使用的网络基础设施提供商,其漏洞直接影响下游企业的网络安全边界。企业应建立严格的第三方软件/硬件补丁管理流程,将此类IoT/NVR设备的更新纳入常规运维周期。
  • 物联网设备的安全基线建设:鉴于漏洞多涉及命令注入和权限提升,表明许多IoT设备在API设计和输入验证上存在先天不足。行业需推动更严格的安全开发生命周期(SDL)标准,特别是在处理远程管理和配置接口时。
  • 持续监控与威胁狩猎:即使厂商尚未披露漏洞被利用,鉴于CISA的警告和历史APT活动模式,安全团队应立即对现有网络进行异常行为监控,特别是针对UniFi相关服务的未授权访问尝试和异常出站连接。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全