Ubiquiti UniFi Security Advisory
Date of Notice: 02/3/2022
Action Level - Critical
Following the release of the widespread Log4J vulnerability (CVE-2021-44228) in December, security researchers have now observed an exploit in the wild targeting vulnerable Ubiquiti UniFi devices. This exploit could allow a remote attacker to execute code and make changes to your network configuration. A fix for this vulnerability was released in December, and this attack is only effective against non-updated devices. We recommend verifying patch levels of all Ubiquiti devices on your network and patching out of date devices as soon as possible.
- Ubiquiti Unifi Network 6.5.53 and earlier
- In addition to patching, Ubiquiti also recommends disabling external access to these devices if currently enabled.
- Update to Unifi Network 6.5.54 or later