module
Ubiquiti airOS Arbitrary File Upload
| Disclosed |
|---|
| Feb 13, 2016 |
Disclosed
Feb 13, 2016
Description
This module exploits a pre-auth file upload to install a new root user
to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys.
FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten.
/etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true.
This method is used by the "mf" malware infecting these devices.
to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys.
FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten.
/etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true.
This method is used by the "mf" malware infecting these devices.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.