You are reading a single comment by @aggi and its replies.
Click here to read the full conversation.
London Fixed Gear and Single-Speed is a community of predominantly fixed gear and single-speed cyclists in and around London, UK.
This site is supported almost exclusively by donations. Please consider donating a small amount regularly.
aggi
tl;dr Probably don't worry about it too much. Power-cycle your hardware if it has become unresponsive. Make sure you update your firmware as soon as Ubiquiti release a patch (which should be very soon).
On second read of the issue, it's less serious than I first thought (unless you're a website owner and you're getting DDOS'ed). As far as I'm aware, this vulnerability can only been used to launch DDOS attacks, and can't be used to compromise your network (i.e. redirect traffic, modify traffic, scan your internal network for known vulnerabilities, etc). So that's good.
Some Ubiquiti kit exposes port 10001, to be used for service discovery and miscreants have found a way to exploit this service by sending carefully crafted packets. This vulnerability has been actively exploited since the middle of 2018.
The exploit resides in volatile memory, so it's wiped out simply by power-cycling your hardware, but obviously if you've been infected before, chances are you'll be infected again.
The rapid7 blog post details a way of testing whether you're exposed, by sending a special payload of port 10001, but you'll need Linux and testing from inside your network may not give a reliable result.
If you were able to SSH into your router previously, and can't now, that seems to be a pretty good indicator that you've been compromised.