Ubiquiti firmware patch stomps nasty redirect bug from login screen
If you skipped the fix, fair enough - it landed before the vulnerability report
Popular wireless networking hardware vendor Ubiquiti patched a couple of serious vulnerabilities back in March and April – without telling the people who reported the bugs.
If sysadmins weren't paying attention, they might not have noticed the importance of the patches.
An exploit would be fairly straightforward, since all the attacker needed to do was append their own site as the login page's target:
Affected products include AirRouter, the TS-8-PRO switch, and various transceivers in the LBE, NBE, PBE, and RM2-Ti access points.
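The usual defence against the login-page redirect described above is to validate the target on the server and accept only local paths. The sketch below is an added example, not Ubiquiti's code and not part of the original article; the function name, the `/index` fallback path and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical fallback page; the article does not give the firmware's real paths.
DEFAULT_TARGET = "/index"


def safe_redirect_target(target, default=DEFAULT_TARGET):
    """Return `target` only if it is a same-site absolute path, else `default`."""
    if not target:
        return default
    # Browsers treat "\" like "/" and drop tab/CR/LF inside URLs, so
    # "/\host" or "/<TAB>/host" can still turn into a cross-site redirect.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    # Require an absolute path, and refuse "//host" (scheme-relative URL).
    if not target.startswith("/") or target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    # Belt and braces: nothing that parses with a scheme or host is local.
    if parts.scheme or parts.netloc:
        return default
    return target


if __name__ == "__main__":
    # Constructed sample inputs; evil.example stands in for an attacker's site.
    samples = [
        "/status?tab=1",
        "https://evil.example/",
        "//evil.example/login",
        "/\\evil.example",
        "/\t/evil.example",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(repr(s), "->", safe_redirect_target(s))
```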
The other bug affected the company's EdgeRouter products. An initialisation error in /files/index created a reflected cross-site-scripting vulnerability that would let an attacker hijack a user's session.