Security · 2h ago
CISA warns of active exploits against Ubiquiti, Lantronix flaws
CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: a critical OS command injection in Ubiquiti UniFi OS (CVE-2021-44261) and a high-severity flaw in Lantronix serial-to-Ethernet servers (CVE-2024-52563). Both are actively exploited in attacks, with the Ubiquiti bug carrying a CVSS score of 9.8. Organizations using affected devices are urged to apply patches immediately.
Meridian48 take
While these are not zero-days, the active exploitation and CISA's directive underscore how unpatched network infrastructure gear remains a prime target for attackers.
Read the full reporting
CISA warns of max severity Ubiquiti flaws exploited in attacks →
Bleeping Computer