It's not often you see a CVE perfect 10.

Anyone with a #Ubiquiti #Unifi network needs to update their Network controller immediately.

#SysAdmin #HomeLab #MastoAdmin #security #cyberSecurity

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

@chad Hmm, weird, mine uses the Debian repo and for some reason that's still at 10.0.162... Anyway, just shut it down, I don't actually need it running unless my APs lose power and restart, but the UPS should take care of that.

@stephengentle @chad you, as well as me, got fucked by ubiquiti. They yeeted all packages from their repo, so updates fail silently. This happened in February; my controllers (3) are all a couple of versions behind since sometime in February. Just before a CVE 10.0 is released.

Also, they now recommend you change to UniFi Network OS or some such. With very short notice. Arch changes in prod. Nope.

This is not how they should treat their customers! Irresponsible and arrogant. I'm so pissed at #ubiquiti now.

@harald @stephengentle if you're not running the binary on their hardware I don't know what to tell you.

@chad @stephengentle which binary and what hardware are you talking about? We have hundreds of unifi devices. They all run their binary.

@harald @stephengentle

if you have hundreds of unifi devices, you could read the CVE to know it's the network controller that needs updating. If you have hundreds of unifi devices, you really ought to pony up for a network controller device.

I have a hard time believing you have hundreds of devices running the Unifi Network controller under your purview.

The controller is what needs updating, if you need it reiterated.

@chad @stephengentle please don't be condescending.

We moved to Unifi just for this particular reason. We don't want a single proprietary point of failure anymore. We want good radios, and a controller that we can monitor on the OS level (we have the expertise), and run it on a high availability virtualisation platform. I don't see the controller as the beef of the product, the radios are.

Ubiquiti pulling the rug (repo) from under their customers is a really shitty move.

Hundreds is a bit steep, over a hundred is more correct.

@chad @harald It was a supported distribution channel that just today I find out they seem to have randomly abandoned with zero warning or notice, while they’ve been releasing updates for critical vulnerabilities elsewhere.

Thousands of their customers will be relying on this like we were, I’m really quite shocked at Ubiquiti here!