Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
References
| Link | Resource |
|---|---|
| https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
10 Sep 2024, 21:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-284 |
31 Oct 2023, 20:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:* cpe:2.3:a:ui:unifi_network_application:*:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| First Time |
Ui unifi Dream Router
Ui unifi Network Application Ui unifi Dream Machine Special Edition Ui unifi Dream Wall Ui Ui unifi Dream Machine Ui unifi Dream Machine Pro |
|
| References | (MISC) https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 - Issue Tracking, Vendor Advisory | |
| CWE | NVD-CWE-noinfo |
25 Oct 2023, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-09-10 21:35
NVD link : CVE-2023-41721
Mitre link : CVE-2023-41721
CVE.ORG link : CVE-2023-41721
JSON object : View
Products Affected
ui
- unifi_dream_router
- unifi_dream_machine_pro
- unifi_dream_machine
- unifi_dream_wall
- unifi_dream_machine_special_edition
- unifi_network_application
CWE