cbcvebase.
CVE-2024-22054
published 2024-02-20

CVE-2024-22054: A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and…

PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.52%
39.9th percentile
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.

Affected

4 ranges
VendorProductVersion rangeFixed in
ubiquiti_incunifi_access_points>= 6.6.55 < 6.6.556.6.55
ubiquiti_incunifi_express>= 3.2.5 < 3.2.53.2.5
ubiquiti_incunifi_lte_backup>= 6.6.57 < 6.6.576.6.57
ubiquiti_incunifi_switches>= 6.6.61 < 6.6.616.6.61
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.