Hardcoded Password Vulnerability in Ubiquiti U7-Pro Product
CVE-2024-54749

7.5HIGH

Key Information:

Vendor: Ubiquiti
Status: U7-Pro
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-54749?

A hardcoded password vulnerability has been identified in Ubiquiti's U7-Pro version 7.0.35, residing in the /etc/shadow file. This flaw could potentially allow unauthorized access, enabling attackers to log in as root. While the supplier disputes the severity by suggesting that a password must be configured during installation, the presence of a default hardcoded password remains a significant security concern that could be exploited if not properly mitigated.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_v...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024

JSON

Ubiquiti

What is CVE-2024-54749?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.