Re: Critical Vulnerability in Ubiquiti UniFi

Posted by Tim Schughart on Oct 03

Hi Carlos,

You are correct that mongo is bound to 127.0.0.1 only. But you are able to get it remotely if you are using the UniFi Controller Software.

So the db gets tunneled to your device.

Test environment:
1. I have configured the AP to our network.
2. I have removed every piece of software for configuring the AP.
3. I have installed the UniFi Manager (for Mac 5.2.7).
4. I’m able to connect to the database via 127.0.0.1

Network…