Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (hackerone) · only source for this CVE.
CVSS VectorVendor: hackerone
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point.
Affected Products: UniFi U6+ Access Point (Version 6.6.65 and earlier)
Mitigation: Update your UniFi U6+ Access Point to Version 6.6.74 or later.
AnalysisAI
A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Affected Products: UniFi U6+ Access Point (Version 6.6.65 and earlier) Mitigation: Update your UniFi U6+ Access Point to Version 6.6.74 or later. Version information: Version 6.6.65.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attac
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today