CVE-2020-8157

Published: May 2, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).

Affected (2)

Products: Ui: Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus Firmware

2 products

Unifi Cloud Key Gen2 Firmware

Unifi Cloud Key Gen2 Plus Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Unifi Cloud Key Gen2 Firmware	Up to 1.1.10

Running on/with	Platform Versions
Ui Unifi Cloud Key Gen2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Unifi Cloud Key Gen2 Plus Firmware	Up to 1.1.10

Running on/with	Platform Versions
Ui Unifi Cloud Key Gen2 Plus	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413

Source: support@hackerone.com

Vendor Advisory

https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d

Source: support@hackerone.com

Vendor Advisory

https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.