Ubiquiti customers report gaining access to others’ UniFi routers, cameras

2023-12-15 04:00:22

Ubiquiti

12/14/23 update with information from Ubiquiti added below.

Since yesterday, customers of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services.

Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal.

The first report of these issues was from yesterday morning at around 8 AM ET, when a Ubiquiti customer incorrectly received a notification through UniFi Protect from someone else's security camera.

“I am reaching out for some advice regarding a peculiar situation we encountered with UniFi Protect. Recently, my wife received a notification from UniFi Protect, which included an image from a security camera,” reads a Reddit post.

“However, this is the twist – this camera doesn't belong to us.”

UniFi Protect notification of another customer's camera
Source: Reddit

To make matters worse, another Ubiquiti customer says that when they logged into the UniFi Site Manager portal to manage their devices, they saw 88 devices from another customer's account.

“However this time I was presented with 88 consoles from another account. I had full access to these consoles, just as I would my own. This was only stopped when I forced a browser refresh, and I was presented again with my consoles,” explains the UniFi customer.

“This is somewhat concerning. Has anybody else had this issue?”

Screenshot allegedly showing another customer's UniFi devices
Source: Ubiquiti forums

A similar experience occurred with others on Reddit, who say they logged in and had access to someone else's UDM Pro and were able to manage the device and create additional WiFi networks.

In both situations, once the portal web page was refreshed, they were shown the devices normally associated with their accounts.

When BleepingComputer contacted Ubiquiti about these issues, we were told they are currently gathering information to assess what is causing the issues. Ubiquiti says that they will issue a statement after the review is complete.

Staff have already started gathering information on Reddit and the company's forums, reaching out to impacted customers to learn more about what happened.

“This is not expected behavior. We reached out via Reddit Chat to gather more details and have our leads review immediately,” reads a comment from a Ubiquiti representative on Reddit.

Some customers are skeptical that this is actually happening, saying that Ubiquiti should be given time to investigate the issue.

However, other users are frustrated that Ubiquiti is not coming forth with a public statement or listing it as a potential issue on the company's network status page, considering that users are reporting that they can modify others' networking configurations.

Caused by UniFi access misconfiguration

Ubiquiti has issued a statement saying that the bug allowing access to other customers' devices was caused by a misconfiguration in an upgrade to the UniFi cloud infrastructure.

The company says that 1,216 Ubiquiti accounts, which they call “Group 1,” were associated with a separate group of 1,177 Ubiquiti accounts, known as “Group 2.”

This misconfiguration allowed accounts in Group 2 to receive notifications intended for accounts in Group 1. It further allowed Group 2 accounts to see the devices of Group 1 customers when logged into the UniFi cloud management portal.

Ubiquiti says this issue occurred on December 13, between 6:47 AM and 3:45 PM UTC, and has since been fixed.

The company is still investigating the incident but believes that only twelve accounts were improperly accessed by other Ubiquiti customers. Account holders whose accounts were accessed by mistake will be notified via email.
