At least this portion of the protocol is quite simple, requiring a simple 4-byte message that elicits a large response including the name, model, firmware version, IPs, MACs, and sometimes the ESSID if it is a wireless device of some manner. Research has learned that this service is used for a variety of things, including device discovery to facilitate easily locating of Ubiquiti devices in a managed environment. Ubiquiti recently acknowledged that this was an issue, has released a workaround, and is in the process of putting together an official fix.
Quick sleuthing by the security community showed that this issue has been brewing since the summer of 2018.
29, the Rapid7 Labs team was informed of an interesting tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service (DoS) attacks using a service on 10001/UDP.
