Researchers Publish PoC Exploit for Recent Ubiquiti EdgeRouter Vulnerability

Company SSD Secure Disclosurespecializing in penetration testing and vulnerability detection, warned about the ability to execute arbitrary code on devices Ubiquiti EdgeRouter and AirCube. To do this, attackers can use vulnerability type “heap overflow” (Heap Overflow), which was fixed in the latest firmware updates, but devices with an outdated software version are still affected.

Vulnerability received an identifier CVE-2023-31998 and associated with the demon MiniUPnPdwhich is responsible for protocol support UPnP. This protocol allows devices on a local network to automatically discover each other and exchange information.

According to Ubiquiti, an attacker can disrupt the UPnP service on a vulnerable device if it has access to the local network. SSD Secure Disclosure also notes that an attacker could overflow the internal heap and potentially execute arbitrary code.

SSD Secure Disclosure has published technical details about the vulnerability and PoC–exploit for its operation. This exploit targets Ubiquiti EdgeRouterX devices, which are also under attack.

According to SSD Secure Disclosure, the vulnerability was fixed in MiniUPnPd, but did not receive a separate CVE identifier. It is possible that other network devices using vulnerable versions of MiniUPnPd could also be attacked.

“Other products based either directly on MiniUPnPd or router distributions such as OpenWrt, VyOS or DD-WRT still ship with the vulnerable MiniUPnPd,” SSD Secure Disclosure said in a statement.

At the end of June, Ubiquiti announced the release of software updates for affected UPnP-enabled devices: EdgeRouter (firmware version 2.0.9-hotfix.7) and AirCube (firmware version 2.8.9).

While there is no evidence that the vulnerability has been exploited in actual attacks, users of Ubiquiti products are advised to update their devices as soon as possible.