I didn't see mention of a vulnerability other than the use of a common default password with Ubiquity. So naughty, but users really should be now be in the habit of changing default passwords, and not leaving management interfaces open to the internet. For pfSense I think I recall a slew of XSS vulnerabilities in the past, but I think that has been it. I haven't looked at pfSense in a while since switching to Vyos though.
