PT-2023-28063 · Ubiquiti · Udm-Pro+5

Published 2023-10-23 · Updated 2024-09-10 · CVE-2023-41721

CVSS v3.1: 10 (Critical)

Vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UniFi Network versions 7.5.176 and earlier
UDM versions prior to 7.5.187
UDM-PRO versions prior to 7.5.187
UDM-SE versions prior to 7.5.187
UDR versions prior to 7.5.187
UDW versions prior to 7.5.187

Description

The issue is related to improper access control logic in device adoption, which creates a risk of access to device configuration information by a malicious actor with preexisting access to the network. This affects instances of UniFi Network Application run on a UniFi Gateway Console.

Recommendations

Update UniFi Network to Version 7.5.187 or later. As a temporary workaround, consider restricting access to the UniFi Gateway Console until the update is applied. For UDM, UDM-PRO, UDM-SE, UDR, and UDW devices, update to version 7.5.187 or later to mitigate the risk. If automatic updates are not enabled, manually update the devices to version 7.5.187 or later as soon as possible.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2023-41721

Affected Products

Udm
Udm-Pro
Udm-Se
Udr
Udw
Unifi Network