CVE-2026-21635

Published: Jan 5, 2026Modified: Jan 30, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

Affected (1)

Products: Ui: Unifi Connect Ev Station Lite Firmware

1 product

Unifi Connect Ev Station Lite Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Unifi Connect Ev Station Lite Firmware	Before 1.6.1

Running on/with	Platform Versions
Ui Unifi Connect Ev Station Lite	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://community.ui.com/releases/Security-Advisory-Bulletin-059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.