CVE-2024-54749

Name of the Vulnerable Software and Affected Versions Ubiquiti U7-Pro version 7.0.35

Description A hardcoded password vulnerability was discovered in /etc/shadow, which allows attackers to log in as root. However, the supplier disputes this claim, stating that the device cannot be deployed without setting a new password during installation, and the observation only established that a password is present in a firmware image.

Recommendations For Ubiquiti U7-Pro version 7.0.35, consider changing the default password during installation to prevent potential unauthorized access. As a temporary workaround, restrict root access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.