Ubiquiti Inc Unifi Connect Ev Station Pro vulnerabilities
4 known vulnerabilities affecting ubiquiti_inc/unifi_connect_ev_station_pro.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-27214P2CRITICALCVSS 9.8≥ 1.5.27, < 1.5.272025-08-21
CVE-2025-27214 [CRITICAL] CWE-306 CVE-2025-27214: A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
Mitigation:
Update UniFi Connect EV Station Pro to Version 1.5.2
nvd
CVE-2024-29207P3HIGHCVSS 7.5≥ 1.2.15, < 1.2.152024-05-07
CVE-2024-29207 [HIGH] CWE-284 CVE-2024-29207: An Improper Certificate Validation could allow a malicious actor with access to an adjacent network
An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system.
Affected Products:
UniFi Connect Application (Version 3.7.9 and earlier)
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version
nvd
CVE-2025-27213P4MEDIUMCVSS 4.9≥ 1.5.27, < 1.5.272025-08-21
CVE-2025-27213 [MEDIUM] CWE-863 CVE-2025-27213: An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi C
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
UniFi Connect EV Station Pro (Version 1.5.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display
nvd
CVE-2024-29206P4LOWCVSS 2.2≥ 1.2.15, < 1.2.152024-05-07
CVE-2024-29206 [LOW] CWE-284 CVE-2024-29206: An Improper Access Control could allow a malicious actor authenticated in the API to enable Android
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.
Affected Products:
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Access G2 Reader Pro (Version 1.2.172 and earlier
nvd