CVE-2023-41721

Published: Oct 25, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.

Affected (1)

Products: Ui: Unifi Network Application

1 product

Unifi Network Application

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Ui Unifi Network Application	Up to 7.5.176

Running on/with	Platform Versions
Ui Unifi Dream Machine	All versions
Ui Unifi Dream Machine Pro	All versions
Ui Unifi Dream Machine Special Edition	All versions
Ui Unifi Dream Router	All versions
Ui Unifi Dream Wall	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615

Source: support@hackerone.com

Issue TrackingVendor Advisory

https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.