Improper Access Control Vulnerability in UniFi Products by Ubiquiti
CVE-2024-29206

2.2LOW

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Connect Ev Station; Unifi Connect Ev Station Pro; Unifi Access G2 Reader Pro; Unifi Access Reader Pro
Vendor: CVE Published:; 7 May 2024

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2024-29206?

The Improper Access Control vulnerability in several UniFi products allows an authenticated attacker to enable Android Debug Bridge (ADB). This potentially enables them to perform unsupported alterations to the system, resulting in security risks. Users are strongly urged to update their UniFi applications and devices to the recommended versions to mitigate this vulnerability.

Affected Version(s)

UniFi Access G2 Reader Pro 1.3.37

UniFi Access Intercom 1.1.32

UniFi Access Intercom Viewer 1.1.6

References

https://community.ui.com/releases/Security-Advisory-bulle...

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Mar 19, 2024