Improper Access Control Vulnerability in Ubiquiti Networks UniFi Product
CVE-2016-7792

8.8HIGH

Key Information:

Vendor: Ubiquiti Networks
Status: Unifi Ap Ac Lite Firmware
Vendor: CVE Published:; 23 January 2017

🔔 Create Ubiquiti Networks Vulnerability Alert

What is CVE-2016-7792?

Ubiquiti Networks' UniFi 5.2.7 has a flaw that fails to properly restrict access to its database. This vulnerability allows remote attackers to connect directly to the database, potentially enabling them to modify its contents. Without adequate access control measures, sensitive information and system integrity can be compromised, leading to unauthorized changes and heightened security risks.

References

http://www.securityfocus.com/bid/93270

vdb-entryx_refsource_BID

https://packetstormsecurity.com/files/138928/Ubiquiti-Uni...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2017
Vulnerability Reserved
Sep 9, 2016