PT-2024-22808 · Ubiquiti · Unifi Connect Display+3
Published
2024-05-07
·
Updated
2024-07-03
·
CVE-2024-29207
CVSS v3.1
7.5
High
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UniFi Connect Application versions 3.7.9 and earlier
UniFi Connect EV Station versions 1.1.18 and earlier
UniFi Connect EV Station Pro versions 1.1.18 and earlier
UniFi Connect Display versions 1.9.324 and earlier
UniFi Connect Display Cast versions 1.6.225 and earlier
Description
An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system.
Recommendations
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unifi Connect Application
Unifi Connect Display
Unifi Connect Display Cast
Unifi Connect Ev Station Pro