CVE-2026-21639
📋 TL;DR
This vulnerability allows attackers within Wi-Fi range to execute arbitrary code on affected Ubiquiti airMAX and airFiber devices by exploiting a flaw in the airMAX Wireless Protocol. The vulnerability affects specific versions of airMAX AC, airMAX M, airFiber AF60-XG, and airFiber AF60 products. Successful exploitation could lead to complete device compromise.
💻 Affected Systems
- airMAX AC
- airMAX M
- airFiber AF60-XG
- airFiber AF60
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full control of the wireless device, can modify configurations, intercept network traffic, install persistent backdoors, and pivot to other network segments.
Likely Case
Attacker executes arbitrary code to disrupt network services, steal credentials, or use the device as a foothold for further attacks.
If Mitigated
With proper patching, the vulnerability is eliminated; with network segmentation, impact is limited to the wireless segment.
🎯 Exploit Status
Exploitation requires attacker to be within Wi-Fi range and understand the airMAX protocol. No authentication is required to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: airMAX AC ≥ 8.7.21, airMAX M ≥ 6.3.24, airFiber AF60-XG ≥ 1.2.3, airFiber AF60 ≥ 2.6.8
Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba
Restart Required: Yes
Instructions:
1. Log into device management interface. 2. Navigate to System > Upgrade. 3. Upload appropriate firmware file for your device model. 4. Apply upgrade and wait for automatic reboot. 5. Verify new firmware version is installed.
🔧 Temporary Workarounds
Physical Access Restriction
allLimit physical access to areas within Wi-Fi range of affected devices
Network Segmentation
allIsolate wireless devices on separate VLANs with strict firewall rules
🧯 If You Can't Patch
- Physically relocate devices to areas with controlled access
- Implement strict network segmentation with firewall rules limiting device communication
🔍 How to Verify
Check if Vulnerable:
Check firmware version in device web interface under System > Status or via SSH using 'cat /etc/version'Check Version:
ssh admin@device_ip 'cat /etc/version' or check web interface System > StatusVerify Fix Applied:
Confirm firmware version matches or exceeds patched versions: airMAX AC ≥ 8.7.21, airMAX M ≥ 6.3.24, airFiber AF60-XG ≥ 1.2.3, airFiber AF60 ≥ 2.6.8📡 Detection & Monitoring
Log Indicators:
- Unexpected firmware version changes
- Unauthorized configuration modifications
- Unusual process execution in system logs
Network Indicators:
- Unusual outbound connections from wireless devices
- Protocol anomalies in airMAX traffic
- Traffic patterns inconsistent with normal operation
SIEM Query:
source="ubiquiti_device" AND (event_type="firmware_change" OR event_type="config_modification")