Ubiquiti
CVE-2024-22054
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (hackerone) · only source for this CVE.
CVSS VectorVendor: hackerone
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.
Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected)
Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
AnalysisAI
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later. Version information: Version 6.6.55.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attac
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today