Skip to main content

Unifi Connect Ev Station Lite Firmware CVE-2026-21635

MEDIUM
Improper Access Control (CWE-284)
2026-01-05 support@hackerone.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 05, 2026 - 17:15 nvd
MEDIUM 5.3

DescriptionCVE.org

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

AnalysisAI

Unifi Connect EV Station Lite firmware v1.5.2 and earlier contains an access control weakness that permits nearby Wi-Fi attackers to activate the AutoLink feature on devices provisioned exclusively through Ethernet connections. This vulnerability could allow unauthorized wireless configuration of the charging station despite it being administratively restricted to wired network adoption. No patch is currently available for this medium-severity issue.

Technical ContextAI

Classified as CWE-284 (Improper Access Control). Affects Unifi Connect Ev Station Lite Firmware. An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-21635 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy