Unverified Password Change Vulnerability in UniFi Connect Products by Ubiquiti
CVE-2024-29208

2.2 LOW

What is CVE-2024-29208?

A security flaw exists in Ubiquiti's UniFi Connect products that allows unauthorized password alterations via API access. This vulnerability could enable malicious actors to change system passwords without needing the original password, compromising device security. Users are advised to update their affected products promptly to mitigate the risk.

Affected Version(s)

Update UniFi Connect Display 1.11.348

Update UniFi Connect Display Cast 1.8.255

Update UniFi Connect EV Station 1.2.15

CVSS V3.1

Score: 2.2
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
