Ubiquiti Inc Unifi Access Points vulnerabilities
3 known vulnerabilities affecting ubiquiti_inc/unifi_access_points.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-38034P2CRITICALCVSS 9.8≥ 6.5.53, ≤ 6.5.532023-08-10
CVE-2023-38034 [CRITICAL] CWE-77 CVE-2023-38034: A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switche
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniF
nvd
CVE-2023-35085P2CRITICALCVSS 9.8≥ 6.5.50, ≤ 6.5.502023-08-10
CVE-2023-35085 [CRITICAL] CWE-190 CVE-2023-35085: An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
nvd
CVE-2024-22054P3HIGHCVSS 7.5≥ 6.6.55, < 6.6.552024-02-20
CVE-2024-22054 [HIGH] CWE-20 CVE-2024-22054: A malformed discovery packet sent by a malicious actor with preexisting access to the network could
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.
Affected Products:
UniFi Access Points
UniFi Switches
UniFi LTE Backup
UniFi Express (Only Mesh Mode, Router mode is not affected)
Mitigation:
Update UniFi Access Points to Version 6.6.55
nvd