UBIQUITI - Security bug

Detecting and removing

router ubnt
Reacting to the revealed vulnerability, we released ISPadmin, version 4.20, which included a utility for detecting and curing infected Ubiquiti units. Due to the emergency situation we released the very first version of the utility quickly.

Now we are presenting the utility with enhanced functionalities.

alert icon Run the utility from ISPadmin console (connected via SSH) under root user, ISPadmin does not detect anything automatically!



When running the utility without any parameter, help is displayed.

terminal help


Check devices from ISP admin bookmark ROUTERS
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl check <username> <username2> <username3> <username4> <username5> - show ONLY vulnerable and infected ROUTERS ( AP )

Tests all Ubiquiti units inserted in Hardware Routers. If you run this command, the system tries to attack the unit, and if it succeeds, the console displays information with IP address and firmware version. If the system succeeds in connecting to Ubiquiti unit, it tries to determine whether there is the virus or not. If yes, it displays such information in the console. Nothing else. When 10 units are tested, a dot appears on the screen to show you that the script is still running and testing other units.

Check devices like AP ....( may take a long time )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl checkdevices <username> <username2> <username3> <username4> <username5>
  - show ONLY vulnerable and infected devices ( Acces points )

Tests all devices inserted as “Device attached to device” in Hardware Routers. In this case, the utility doesn´t care about device type since such information might not be available here. The utility tries to attack all IP addresses. If there are a lot of devices in your system, this might take a long time.

Check END USER devices ....( may take a long time )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl checkusers <username> <username2> <username3> <username4> <username5>
    - show ONLY vulnerable and infected client end device

Tests all IP addresses assigned to clients. The system tests all client-assigned IP addresses for it does not know whether a client has Ubiquiti device, or not. This operation might take a long time, since all IP addresses in the system are tested.

Clean INFECTED devices ( from previous check )
/usr/local/script/ispadmin/ubnt_vulnerability_test.pl cleaninfected
   - show vulnerable and infected devices and  REMOVE infection

If an infected unit is detected in the previous step, you may clean it this way. This operation connects to and cleans just those units, which are marked as infected. It means that prior to this step you have to run the utility with parameters check, checkdevices, or checkusers. Failing this no units are marked as infected and using parameter “cleaninfected” makes no difference.



A mandatory parameters are: check, checkdevices, checkusers, or cleaninfected. You may use user names, which you use for login to Ubiquiti units as an optional parameter. This is needed in cases when a key is stored in Ubiquiti unit after being attacked to enable login via ssh without password. You need to know the user name with which you connect to the system. If unknown, you won´t be able to connect. While running the vulnerability test, a default user name ubnt and user admin are tested. If you use neither of these, the script won´t be able to test vulnerability hence the need for entering a different username used for accessing the unit (no need for password). Then the system will try using these usernames.


Listing of UBNT units in ISPadmin

When you log into ISPadmin, you will see information about Vulnerability of UBNT devices:

ubnt upozorneni


In Other Tools > Vulnerability of UBNT devices, you will find a tool for displaying vulnerable devices as detected by the utility - see above.

ubnt seznam


alert icon Check the box at the end of each row (or check all, or you may use reversed selection) to select those devices, for which you want the system to update firmware - by clicking on on the bottom.

Tips on how to use this documentation



Searching required information is possible either via structured menu which is divided into sections, or via full-text search of the entire contents of this on-line documentation.

This aid will make it possible for you to find out where exactly you are at the moment.

If, for example, the following appears beneath the main menu - ISPadmin Wiki / ENG / Client management / Menu - CLIENTS / Clients / Message Board / Groups - it means that you are:


  • in the Wiki documentation of the ISPadmin system
  • in its English localization
  • in the Client management section
  • in the Clients tab
  • in the Message board subtab
  • in the Groups sub-subtab


It contains newly added functionalities and modifications of the system which are displayed by versions and issue date. Changelog articles are also displayed in individual sections / pages of the documentation which relate to new functionality or modification. 

Basic orientation

You will find a welcoming menu with basic instruction on trying / implementing / using below. 


Frequently asked questions along with most important procedures and settings are listed in FAQ section. 


Items which refer to real system menu are highlighted in corresponding colour, including their graphical background. Eg. Invoicing Settings Templates Reminders. This is also a working reference to an article. 


NET service solution, s.r.o.
Žerotínova 3056/81a
787 01 Šumperk
Czech Republic