CVE-2013-3572

Title

Cross-site scripting vulnerability in the administer interface of UniFi Controller

Description

The UniFi software displays a client's hostname alongside other metadata about that client. A hostname provided by an attacker is shown as a hyperlink (clicking it opens a context menu for applying various settings to the client). Because the implementation does not escape the hostname when displaying it in the interface, an attacker can include arbitrary HTML and JavaScript code in it, resulting in an XSS vulnerability.
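The rendering pattern the description refers to, shown as an added example that is not UniFi's own code: the hostname concatenated straight into the hyperlink markup beside a version that escapes every untrusted field, with a constructed client record (the field names, the `escapeHtml` helper and the hostname plausibility check are assumptions for illustration).

```javascript
// Added illustration for CVE-2013-3572, not Ubiquiti's code: rendering a
// wireless client's hostname as a hyperlink in a controller web UI.

// Minimal HTML escaper for the characters that matter in element
// content and in double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the attacker-controlled hostname is concatenated
// directly into markup, so any tags it contains become part of the page.
function renderClientLinkUnsafe(client) {
  return '<a href="#" class="client-link" data-mac="' + client.mac + '">' +
         client.hostname + '</a>';
}

// Hardened pattern: each untrusted field is escaped at the point it is
// written into HTML, in attribute context and in text context alike.
function renderClientLinkSafe(client) {
  return '<a href="#" class="client-link" data-mac="' + escapeHtml(client.mac) + '">' +
         escapeHtml(client.hostname) + '</a>';
}

// Defence in depth (assumed policy): a hostname learned from DHCP or mDNS
// should be a single RFC 1123 style label of letters, digits and hyphens.
// Anything else is worth flagging in logs even though escaping already
// neutralises it. Returns true when the hostname is well-formed.
function isPlausibleHostname(hostname) {
  return /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(hostname);
}

// Constructed sample client whose hostname carries markup and quotes,
// the kind of value the advisory describes reaching the UI unescaped.
const sampleClient = {
  mac: '00:11:22:33:44:55',
  hostname: 'laptop<b title="x">bold</b>',
};

console.log('unsafe:', renderClientLinkUnsafe(sampleClient));
console.log('safe:  ', renderClientLinkSafe(sampleClient));
console.log('plausible hostname:', isPlausibleHostname(sampleClient.hostname));
```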

Impact

An attacker can forge a special hostname and use script injection or cross-site scripting to make unauthorized changes or to inject arbitrary HTML content whenever the wireless client's information is rendered in the UI.

Solution

Upgrade your UniFi Controller to 2.3.6 or later.

Credit

The vulnerability was discovered by Moritz 'momo' Frenzel (mail@moritzfrenzel.de), who immediately contacted our team at Ubiquiti. Thanks also to shackspace (Stuttgart hackerspace) for providing the infrastructure.