
Before paying for a Ubiquiti product, take a look at how they treat the GPL:


They also run PHP 2.0 (sic!) on all routers - https://www.theregister.co.uk/2017/03/16/ubiquiti_networking...

"A command injection vulnerability was found in 'pingtest_action.cgi.' This script is vulnerable since it is possible to inject a value of a variable. One of the reasons for this behavior is the used PHP version (PHP/FI 2.0.1 from 1997),"

This is the first time I've heard of someone using a pre-PHP 3 version. Must be Perl/CGI based and really old stuff. Why do they even ship with an inbuilt web server with CGI enabled - it's so outdated and screams 1995 tech. (Even back in 2002, CGI, Perl and PHP 3 were considered outdated, and we already had PHP 4.)

EdgeOS is dumping PHP for Python in the next release, due any day now (already publicly in beta). Not sure of the exact stack, but probably based on Python 2.7.

What's even more impressive is this:

"In 2015, Ubiquiti revealed that it lost $46.7 million when its finance department was tricked into sending money to someone posing as an employee."

How does that even happen?

