PT-2024-22181 · Ubiquiti · Unifi Network Application

Published

2024-03-26

Updated

2025-03-18

CVE-2024-27981

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UniFi Network Application versions 8.0.28 and earlier

Description A Command Injection issue allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.

Recommendations Update UniFi Network Application to Version 8.1.113 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-27981

Affected Products

Unifi Network Application

PT-2024-22181 · Ubiquiti · Unifi Network Application

CVE-2024-27981

Weakness Enumeration

Related Identifiers

Affected Products

References · 13