Search criteria
32 vulnerabilities by Ubiquiti Inc
CVE-2025-52665 (GCVE-0-2025-52665)
Vulnerability from cvelistv5 – Published: 2025-10-30 23:30 – Updated: 2025-10-31 14:07
VLAI?
Summary
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.
Affected Products:
UniFi Access Application (Version 3.3.22 through 3.4.31).
Mitigation:
Update your UniFi Access Application to Version 4.0.21 or later.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Application |
Affected:
3.3.22 , ≤ 3.4.31
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:05:32.616691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:07:27.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Access Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThanOrEqual": "3.4.31",
"status": "affected",
"version": "3.3.22",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the management network could exploit a misconfiguration in UniFi\u2019s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.\u00a0\n \nAffected Products:\nUniFi Access Application (Version 3.3.22 through 3.4.31). \u2028 \n\nMitigation:\nUpdate your UniFi Access Application to Version 4.0.21 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:30:28.329Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52665",
"datePublished": "2025-10-30T23:30:28.329Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-10-31T14:07:27.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52663 (GCVE-0-2025-52663)
Vulnerability from cvelistv5 – Published: 2025-10-30 23:30 – Updated: 2025-12-02 18:30
VLAI?
Summary
A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.
Affected Products:
UniFi Talk Touch (Version 1.21.16 and earlier)
UniFi Talk Touch Max (Version 2.21.22 and earlier)
UniFi Talk G3 Phones (Version 3.21.26 and earlier)
Mitigation:
Update the UniFi Talk Touch to Version 1.21.17 or later.
Update the UniFi Talk Touch Max to Version 2.21.23 or later.
Update the UniFi Talk G3 Phones to Version 3.21.27 or later.
Severity ?
7.3 (High)
CWE
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Talk Touch |
Unaffected:
1.21.17 , < 1.21.17
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T15:36:11.348827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:30:25.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "UniFi Talk Touch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.21.17",
"status": "unaffected",
"version": "1.21.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "UniFi Talk Touch Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.21.23",
"status": "unaffected",
"version": "2.21.23",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "UniFi Talk G3 Phones",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "3.21.27",
"status": "unaffected",
"version": "3.21.27",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.\r\n\r\n\r\nAffected Products:\r\nUniFi Talk Touch (Version 1.21.16 and earlier) \r\nUniFi Talk Touch Max (Version 2.21.22 and earlier) \r\nUniFi Talk G3 Phones (Version 3.21.26 and earlier) \r\n \r\nMitigation:\r\nUpdate the UniFi Talk Touch to Version 1.21.17 or later.\r\nUpdate the UniFi Talk Touch Max to Version 2.21.23 or later.\r\nUpdate the UniFi Talk G3 Phones to Version 3.21.27 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:30:28.298Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52663",
"datePublished": "2025-10-30T23:30:28.298Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-12-02T18:30:25.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48979 (GCVE-0-2025-48979)
Vulnerability from cvelistv5 – Published: 2025-08-28 23:07 – Updated: 2025-08-29 13:17
VLAI?
Summary
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:16:20.270047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:17:04.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T23:07:04.604Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48979",
"datePublished": "2025-08-28T23:07:04.604Z",
"dateReserved": "2025-05-29T15:00:04.773Z",
"dateUpdated": "2025-08-29T13:17:04.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27216 (GCVE-0-2025-27216)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:16.906646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:58.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.177Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27216",
"datePublished": "2025-08-21T00:01:24.177Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:58.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27217 (GCVE-0-2025-27217)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:47
VLAI?
Summary
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
Severity ?
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.220 , < 2.4.220
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:24.559394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:47:06.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.220",
"status": "affected",
"version": "2.4.220",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.159Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/UISP-Application-2-4-220/b428b276-c4a6-4b90-b97b-1860ff2bb46d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27217",
"datePublished": "2025-08-21T00:01:24.159Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:47:06.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24285 (GCVE-0-2025-24285)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-22 03:55
VLAI?
Summary
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite.
Affected Products:
UniFi Connect EV Station Lite (Version 1.5.1 and earlier)
Mitigation:
Update UniFi Connect EV Station Lite to Version 1.5.2 or later
Severity ?
9.8 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Lite |
Affected:
1.5.2 , < 1.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T03:55:39.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "1.5.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite.\r\n \r\nAffected Products:\r\nUniFi Connect EV Station Lite (Version 1.5.1 and earlier)\r\n \r\nMitigation:\r\nUpdate UniFi Connect EV Station Lite to Version 1.5.2 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.227Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24285",
"datePublished": "2025-08-21T00:01:24.227Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-08-22T03:55:39.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27213 (GCVE-0-2025-27213)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:07
VLAI?
Summary
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.9.301 and earlier)
UniFi Connect Display Cast Pro (Version 1.0.78 and earlier)
UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Update UniFi Connect Display to Version 1.13.6 or later
Update UniFi Connect Display Cast to Version 1.10.3 or later
Update UniFi Connect Display Cast Pro to Version 1.0.83 or later
Update UniFi Connect Display Cast Lite to Version 1.1.3 or later
Severity ?
4.9 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Pro |
Affected:
1.5.27 , < 1.5.27
(semver)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:07:33.904511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:07:45.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.27",
"status": "affected",
"version": "1.5.27",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.13.6",
"status": "affected",
"version": "1.13.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.10.3",
"status": "affected",
"version": "1.10.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.0.83",
"status": "affected",
"version": "1.0.83",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "1.1.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\nUniFi Connect Display (Version 1.9.324 and earlier)\r\nUniFi Connect Display Cast (Version 1.9.301 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.78 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later\r\nUpdate UniFi Connect Display to Version 1.13.6 or later\r\nUpdate UniFi Connect Display Cast to Version 1.10.3 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.83 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.3 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.222Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27213",
"datePublished": "2025-08-21T00:01:24.222Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:07:45.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27214 (GCVE-0-2025-27214)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
Mitigation:
Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station Pro |
Affected:
1.5.27 , < 1.5.27
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:23:09.292964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:51.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.5.27",
"status": "affected",
"version": "1.5.27",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect EV Station Pro (Version 1.5.18 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect EV Station Pro to Version 1.5.27 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.186Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27214",
"datePublished": "2025-08-21T00:01:24.186Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:51.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27215 (GCVE-0-2025-27215)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:46
VLAI?
Summary
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.
Affected Products:
UniFi Connect Display Cast (Version 1.10.3 and earlier)
UniFi Connect Display Cast Pro (Version 1.0.89 and earlier)
UniFi Connect Display Cast Lite (Version 1.0.3 and earlier)
Mitigation:
Update UniFi Connect Display Cast to Version 1.10.7 or later
Update UniFi Connect Display Cast Pro to Version 1.0.94 or later
Update UniFi Connect Display Cast Lite to Version 1.1.8 or later
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect Display Cast |
Affected:
1.10.7 , < 1.10.7
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:51:00.551541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:46:44.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.10.7",
"status": "affected",
"version": "1.10.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.0.94",
"status": "affected",
"version": "1.0.94",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast Lite",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.8",
"status": "affected",
"version": "1.1.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Connect Display Cast (Version 1.10.3 and earlier)\r\nUniFi Connect Display Cast Pro (Version 1.0.89 and earlier)\r\nUniFi Connect Display Cast Lite (Version 1.0.3 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate UniFi Connect Display Cast to Version 1.10.7 or later\r\nUpdate UniFi Connect Display Cast Pro to Version 1.0.94 or later\r\nUpdate UniFi Connect Display Cast Lite to Version 1.1.8 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.190Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27215",
"datePublished": "2025-08-21T00:01:24.190Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-21T14:46:44.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48978 (GCVE-0-2025-48978)
Vulnerability from cvelistv5 – Published: 2025-08-21 00:01 – Updated: 2025-08-21 14:16
VLAI?
Summary
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Affected Products:
EdgeMAX EdgeSwitch (Version 1.11.0 and earlier)
Mitigation:
Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.
Severity ?
7.5 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | EdgeMAX EdgeSwitch |
Affected:
1.11.1 , < 1.11.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:15:24.082992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:16:25.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EdgeMAX EdgeSwitch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "1.11.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.\r\n\r\nAffected Products:\r\n\r\nEdgeMAX EdgeSwitch (Version 1.11.0 and earlier) \r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate the EdgeMAX EdgeSwitch to Version 1.11.1 or later."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T00:01:24.208Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-054-054/3033f0b7-aca6-4d70-8c51-d3e706bd0ca7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48978",
"datePublished": "2025-08-21T00:01:24.208Z",
"dateReserved": "2025-05-29T15:00:04.772Z",
"dateUpdated": "2025-08-21T14:16:25.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27212 (GCVE-0-2025-27212)
Vulnerability from cvelistv5 – Published: 2025-08-04 22:12 – Updated: 2025-08-05 13:33
VLAI?
Summary
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.
Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)
Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Reader Pro |
Affected:
2.15.9 , < 2.15.9
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:29:55.643740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:33:09.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Access Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.15.9",
"status": "affected",
"version": "2.15.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G2 Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.23",
"status": "affected",
"version": "1.11.23",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G3 Reader Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.22",
"status": "affected",
"version": "1.11.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.22",
"status": "affected",
"version": "1.8.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G3 Intercom",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.22",
"status": "affected",
"version": "1.8.22",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom Viewer",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.4.39",
"status": "affected",
"version": "1.4.39",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.\r\n\r\n \r\n\r\nAffected Products:\r\nUniFi Access Reader Pro (Version 2.14.21 and earlier)\r\nUniFi Access G2 Reader Pro (Version 1.10.32 and earlier)\r\nUniFi Access G3 Reader Pro (Version 1.10.30 and earlier)\r\nUniFi Access Intercom (Version 1.7.28 and earlier)\r\nUniFi Access G3 Intercom (Version 1.7.29 and earlier)\r\nUniFi Access Intercom Viewer (Version 1.3.20 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\nUpdate UniFi Access Reader Pro Version 2.15.9 or later\r\nUpdate UniFi Access G2 Reader Pro Version 1.11.23 or later\r\nUpdate UniFi Access G3 Reader Pro Version 1.11.22 or later\r\nUpdate UniFi Access Intercom Version 1.8.22 or later\r\nUpdate UniFi Access G3 Intercom Version 1.8.22 or later\r\nUpdate UniFi Access Intercom Viewer Version 1.4.39 or later"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T22:12:18.820Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-051-051/583fa6e1-3d85-42ec-a453-651d1653c9b3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27212",
"datePublished": "2025-08-04T22:12:18.820Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-05T13:33:09.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27211 (GCVE-0-2025-27211)
Vulnerability from cvelistv5 – Published: 2025-08-04 22:12 – Updated: 2025-08-05 13:26
VLAI?
Summary
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | EdgeMAX EdgeSwitch |
Unaffected:
1.11.0 , < 1.11.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:22:10.644805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:26:05.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "EdgeMAX EdgeSwitch",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.0",
"status": "unaffected",
"version": "1.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T22:12:18.821Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-050-050/f82b1701-58a1-4b7d-9e20-82d50e3e1961"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27211",
"datePublished": "2025-08-04T22:12:18.821Z",
"dateReserved": "2025-02-20T01:00:01.799Z",
"dateUpdated": "2025-08-05T13:26:05.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24292 (GCVE-0-2025-24292)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 13:32
VLAI?
Summary
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
Severity ?
6.8 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
9.2.87 , < 9.2.87
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:12:10.999551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:09.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "9.2.87",
"status": "affected",
"version": "9.2.87",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device\u2019s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:08.070Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-049-049/7a019b27-6c77-4500-bec8-596cd87c9292"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24292",
"datePublished": "2025-06-29T19:25:08.070Z",
"dateReserved": "2025-01-17T01:00:07.458Z",
"dateUpdated": "2025-06-30T13:32:09.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24290 (GCVE-0-2025-24290)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 14:52
VLAI?
Summary
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UISP Application |
Affected:
2.4.211 , < 2.4.211
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T14:51:30.158712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T14:52:45.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UISP Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.4.211",
"status": "affected",
"version": "2.4.211",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:07.152Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24290",
"datePublished": "2025-06-29T19:25:07.152Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-06-30T14:52:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24289 (GCVE-0-2025-24289)
Vulnerability from cvelistv5 – Published: 2025-06-29 19:25 – Updated: 2025-06-30 15:29
VLAI?
Summary
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UCRM Client Signup Plugin |
Affected:
1.3.5 , < 1.3.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T15:29:02.494473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T15:29:38.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCRM Client Signup Plugin",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T19:25:06.254Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-24289",
"datePublished": "2025-06-29T19:25:06.254Z",
"dateReserved": "2025-01-17T01:00:07.457Z",
"dateUpdated": "2025-06-30T15:29:38.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23123 (GCVE-0-2025-23123)
Vulnerability from cvelistv5 – Published: 2025-05-19 01:25 – Updated: 2025-05-19 13:59
VLAI?
Summary
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
Severity ?
10 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.75.62 , < 4.75.62
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T13:59:29.424014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T13:59:32.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.75.62",
"status": "affected",
"version": "4.75.62",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T01:25:08.467Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23123",
"datePublished": "2025-05-19T01:25:08.467Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-05-19T13:59:32.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23164 (GCVE-0-2025-23164)
Vulnerability from cvelistv5 – Published: 2025-05-19 01:25 – Updated: 2025-05-19 14:45
VLAI?
Summary
A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled.
Severity ?
4.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
5.3.45 , < 5.3.45
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:43:09.419854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:45:25.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.3.45",
"status": "affected",
"version": "5.3.45",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a \"Share Livestream\" link to maintain access to the corresponding livestream subsequent to such link becoming disabled."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T01:25:08.458Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23164",
"datePublished": "2025-05-19T01:25:08.458Z",
"dateReserved": "2025-01-12T01:00:00.648Z",
"dateUpdated": "2025-05-19T14:45:25.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23118 (GCVE-0-2025-23118)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:14
VLAI?
Summary
An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.
Severity ?
6.4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:14:00.440644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:14:53.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.138Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23118",
"datePublished": "2025-03-01T01:52:36.138Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:14:53.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23117 (GCVE-0-2025-23117)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-05 15:26
VLAI?
Summary
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.
Severity ?
6.8 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-23117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T15:08:02.603284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:26:14.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system."
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.149Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23117",
"datePublished": "2025-03-01T01:52:36.149Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-05T15:26:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23116 (GCVE-0-2025-23116)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:12
VLAI?
Summary
An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.
Severity ?
9.6 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application |
Affected:
5.2.49 , < 5.2.49
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:12:32.779660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:12:37.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.2.49",
"status": "affected",
"version": "5.2.49",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.160Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23116",
"datePublished": "2025-03-01T01:52:36.160Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:12:37.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23119 (GCVE-0-2025-23119)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-04 19:07
VLAI?
Summary
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network.
Severity ?
7.5 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:01:54.001224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:07:42.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.226Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23119",
"datePublished": "2025-03-01T01:52:36.226Z",
"dateReserved": "2025-01-11T01:00:00.618Z",
"dateUpdated": "2025-03-04T19:07:42.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23115 (GCVE-0-2025-23115)
Vulnerability from cvelistv5 – Published: 2025-03-01 01:52 – Updated: 2025-03-13 17:49
VLAI?
Summary
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.
Severity ?
9 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Cameras |
Affected:
4.74.106 , < 4.74.106
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:54:54.791630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T17:49:18.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Protect Cameras",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.74.106",
"status": "affected",
"version": "4.74.106",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T01:52:36.149Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23115",
"datePublished": "2025-03-01T01:52:36.149Z",
"dateReserved": "2025-01-11T01:00:00.617Z",
"dateUpdated": "2025-03-13T17:49:18.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23091 (GCVE-0-2025-23091)
Vulnerability from cvelistv5 – Published: 2025-02-01 06:53 – Updated: 2025-03-13 12:54
VLAI?
Summary
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UDM |
Affected:
4.1.13 , < 4.1.13
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:47:37.586798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T12:54:46.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UDM",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-SE",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDM-Pro-Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UDW",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNVR",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNVR PRO",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCKP",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCK",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCK-Enterprise",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UCG-Max",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EFG",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1.13",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T06:53:09.114Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-045-045/6011bc61-f2eb-457f-b71d-755703817aaf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-23091",
"datePublished": "2025-02-01T06:53:09.114Z",
"dateReserved": "2025-01-10T19:05:52.772Z",
"dateUpdated": "2025-03-13T12:54:46.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42028 (GCVE-0-2024-42028)
Vulnerability from cvelistv5 – Published: 2024-10-28 15:54 – Updated: 2024-10-28 18:53
VLAI?
Summary
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
Severity ?
8.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
8.4.62 , ≤ 8.4.62
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unifi_network_application",
"vendor": "ubiquiti",
"versions": [
{
"lessThanOrEqual": "8.4.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T18:53:01.066571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:53:11.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThanOrEqual": "8.4.62",
"status": "affected",
"version": "8.4.62",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:54:15.384Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-42028",
"datePublished": "2024-10-28T15:54:15.384Z",
"dateReserved": "2024-07-27T01:04:08.014Z",
"dateUpdated": "2024-10-28T18:53:11.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42025 (GCVE-0-2024-42025)
Vulnerability from cvelistv5 – Published: 2024-09-13 15:47 – Updated: 2024-09-28 17:44
VLAI?
Summary
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
Severity ?
7.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
8.4.59 , < 8.4.59
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unifi_network_application",
"vendor": "ubiquiti",
"versions": [
{
"lessThanOrEqual": "8.3.32",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:23:49.335442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-28T17:44:02.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "8.4.59",
"status": "affected",
"version": "8.4.59",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:47:19.568Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-42025",
"datePublished": "2024-09-13T15:47:19.568Z",
"dateReserved": "2024-07-27T01:04:08.013Z",
"dateUpdated": "2024-09-28T17:44:02.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29208 (GCVE-0-2024-29208)
Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
VLAI?
Summary
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.
Affected Products:
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Severity ?
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | Update UniFi Connect EV Station |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.11.348"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display_cast",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.8.255"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:45:33.305337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:11.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.348",
"status": "affected",
"version": "1.11.348",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display Cast ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.255",
"status": "affected",
"version": "1.8.255",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T16:40:02.495Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-29208",
"datePublished": "2024-05-07T16:40:02.495Z",
"dateReserved": "2024-03-19T01:04:06.323Z",
"dateUpdated": "2024-08-02T01:10:54.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29207 (GCVE-0-2024-29207)
Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
VLAI?
Summary
An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system.
Affected Products:
UniFi Connect Application (Version 3.7.9 and earlier)
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect Application |
Affected:
3.10.7 , < 3.10.7
(semver)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display_cast",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.8.255"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.11.348"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_application",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "3.10.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15 "
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:34:11.302957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:46.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.348",
"status": "affected",
"version": "1.11.348",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.255",
"status": "affected",
"version": "1.8.255",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T16:40:02.502Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-29207",
"datePublished": "2024-05-07T16:40:02.502Z",
"dateReserved": "2024-03-19T01:04:06.323Z",
"dateUpdated": "2024-08-02T01:10:55.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29206 (GCVE-0-2024-29206)
Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
VLAI?
Summary
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Access G2 Reader Pro (Version 1.2.172 and earlier)
UniFi Access Reader Pro (Version 2.7.238 and earlier)
UniFi Access Intercom (Version 1.0.66 and earlier)
UniFi Access Intercom Viewer (Version 1.0.5 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Access G2 Reader Pro Version 1.3.37 or later.
Update UniFi Access Reader Pro Version 2.8.19 or later.
Update UniFi Access Intercom Version 1.1.32 or later.
Update UniFi Access Intercom Viewer Version 1.1.6 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Connect EV Station |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_access_g2_reader_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_access_g2_reader_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.3.37"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.11.348"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display_cast",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.8.255"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_access_reader_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_access_reader_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "2.8.19"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_access_intercom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_access_intercom",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.1.32"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_access_intercom_viewer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_access_intercom_viewer",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:33:56.493181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access G2 Reader Pro ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.3.37",
"status": "affected",
"version": "1.3.37",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Reader Pro ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "2.8.19",
"status": "affected",
"version": "2.8.19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.32",
"status": "affected",
"version": "1.1.32",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Access Intercom Viewer",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.1.6",
"status": "affected",
"version": "1.1.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.348",
"status": "affected",
"version": "1.11.348",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Connect Display Cast ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.255",
"status": "affected",
"version": "1.8.255",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Access G2 Reader Pro (Version 1.2.172 and earlier)\n\nUniFi Access Reader Pro (Version 2.7.238 and earlier)\n\nUniFi Access Intercom (Version 1.0.66 and earlier)\n\nUniFi Access Intercom Viewer (Version 1.0.5 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later. \n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Access G2 Reader Pro Version 1.3.37 or later.\n\nUpdate UniFi Access Reader Pro Version 2.8.19 or later.\n\nUpdate UniFi Access Intercom Version 1.1.32 or later.\n\nUpdate UniFi Access Intercom Viewer Version 1.1.6 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later. \n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T16:40:02.543Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-29206",
"datePublished": "2024-05-07T16:40:02.543Z",
"dateReserved": "2024-03-19T01:04:06.323Z",
"dateUpdated": "2024-08-02T01:10:55.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27981 (GCVE-0-2024-27981)
Vulnerability from cvelistv5 – Published: 2024-04-04 22:16 – Updated: 2025-03-18 20:10
VLAI?
Summary
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.
Affected Products:
UniFi Network Application (Version 8.0.28 and earlier) .
Mitigation:
Update UniFi Network Application to Version 8.1.113 or later.
Severity ?
9.8 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application |
Affected:
8.1.113 , < 8.1.113
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_network_application",
"vendor": "ubiquiti",
"versions": [
{
"lessThan": "8.1.113",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T15:00:54.373621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:10:28.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:56.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Application",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "8.1.113",
"status": "affected",
"version": "8.1.113",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.\r\n\r\nAffected Products:\r\nUniFi Network Application (Version 8.0.28 and earlier) .\r\n \r\nMitigation:\r\nUpdate UniFi Network Application to Version 8.1.113 or later."
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T22:16:29.361Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-27981",
"datePublished": "2024-04-04T22:16:29.361Z",
"dateReserved": "2024-02-29T01:04:06.640Z",
"dateUpdated": "2025-03-18T20:10:28.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22054 (GCVE-0-2024-22054)
Vulnerability from cvelistv5 – Published: 2024-02-20 17:14 – Updated: 2025-03-27 20:55
VLAI?
Summary
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.
Affected Products:
UniFi Access Points
UniFi Switches
UniFi LTE Backup
UniFi Express (Only Mesh Mode, Router mode is not affected)
Mitigation:
Update UniFi Access Points to Version 6.6.55 or later.
Update UniFi Switches to Version 6.6.61 or later.
Update UniFi LTE Backup to Version 6.6.57 or later.
Update UniFi Express to Version 3.2.5 or later.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Points |
Affected:
6.6.55 , < 6.6.55
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ubiquiti:unifi_uap_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_uap_firmware",
"vendor": "ubiquiti",
"versions": [
{
"lessThan": "6.6.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:40:11.727545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:55:19.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Access Points",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.6.55",
"status": "affected",
"version": "6.6.55",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Switches",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.6.61",
"status": "affected",
"version": "6.6.61",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi LTE Backup",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "6.6.57",
"status": "affected",
"version": "6.6.57",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi Express ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.2.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.\n\n\nAffected Products:\nUniFi Access Points\nUniFi Switches\nUniFi LTE Backup\nUniFi Express (Only Mesh Mode, Router mode is not affected)\n\n \nMitigation:\nUpdate UniFi Access Points to Version 6.6.55 or later.\nUpdate UniFi Switches to Version 6.6.61 or later.\nUpdate UniFi LTE Backup to Version 6.6.57 or later.\nUpdate UniFi Express to Version 3.2.5 or later."
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T01:39:11.208Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22054",
"datePublished": "2024-02-20T17:14:34.212Z",
"dateReserved": "2024-01-05T01:04:06.642Z",
"dateUpdated": "2025-03-27T20:55:19.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}