A worm is reportedly spreading across thousands of Ubiquiti Networks routers running outdated firmware. In a security advisory, a Ubiquiti spokesperson said that over the past week, the worm has been using a known exploit to infect airOS M devices. The worm creates its own account on the compromised device and, from there, conducts mass infections of other routers both within the same subnet and on other networks.
The attacks affect the following Ubiquiti devices running outdated firmware: airMAX M, airMAX AC, airOS 802.11G, ToughSwitch, airGateway, airFiber.
Any router that runs older versions of the firmware and has its HTTP/HTTPS interface exposed to the Internet could be infected. Ubiquiti released a patch for this vulnerability almost a year ago. However, as is often the case on these devices, many routers may still have old firmware installed.