PT-2024-22809 · Ubiquiti · Unifi Connect Display+3
Published
2024-05-07
·
Updated
2024-07-03
·
CVE-2024-29208
CVSS v3.1
2.2
Low
| Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UniFi Connect EV Station versions 1.1.18 and earlier
UniFi Connect EV Station Pro versions 1.1.18 and earlier
UniFi Connect Display versions 1.9.324 and earlier
UniFi Connect Display Cast versions 1.6.225 and earlier
Description
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.
Recommendations
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Update UniFi Connect Application to Version 3.10.7 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unifi Connect Application
Unifi Connect Display
Unifi Connect Display Cast
Unifi Connect Ev Station Pro