Today, Ubiquiti has released a new firmware update for the UniFi Security Gateway line of devices. Version 4.4.51 has already been pushed to controllers and fixes quite an important security issues, one was where attackers could crash the PPPoE process on the USG, so long as the attackers is on the same broadcast domain.
Version 4.4.51 is now out for the USG-3P, USG Pro 4 and the now discontinued USG-XG.
The PPPoE client security update fixes a vulnerability that allows an attacker on the same broadcast domain as your WAN to crash the pppd process, and may allow code execution on the system. Attempts at code execution are extremely unlikely to succeed from what is currently known, particularly since many attempts are likely to be required, and each attempt will crash pppd leaving you disconnected from the Internet until rebooting USG. The same broadcast domain requirement means compromising your DSL modem or ISP’s equipment is required to even attempt to do so. It is not exploitable from the Internet, nor from internal networks. While the immediate risk is minimal, we recommend all PPPoE users upgrade as soon as practical, in case a reliable code execution exploit is developed and ISPs and/or DSL modems start getting compromised to exploit it.
- Properly handle RADIUS server user passwords containing quotes and backslashes.
- Update PPPoE client with CVE-2020-8597 security patch.