Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for UniFi Connect Application by Ubiquiti Inc

    CVE-2026-50746 (GCVE-0-2026-50746)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi Connect Application Affected: 0 , < 3.4.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:49:51.709672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:15.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Application",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "3.4.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.907Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50746",
        "datePublished": "2026-07-02T14:49:16.907Z",
        "dateReserved": "2026-06-06T15:00:09.780Z",
        "dateUpdated": "2026-07-02T15:52:15.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29207 (GCVE-0-2024-29207)

    Vulnerability from nvd – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
    VLAI
    Summary
    An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi Connect Application Affected: 3.10.7 , < 3.10.7 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect EV Station Affected: 1.2.15 , < 1.2.15 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect EV Station Pro Affected: 1.2.15 , < 1.2.15 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect Display Affected: 1.11.348 , < 1.11.348 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect Display Cast Affected: 1.8.255 , < 1.8.255 (semver)
    Create a notification for this product.
    ubiquiti unifi_connect_display_cast Affected: 1.8.255
        cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_display Affected: 1.11.348
        cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_application Affected: 3.10.7
        cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_ev_station Affected: 1.2.15
        cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_ev_station_pro Affected: 1.2.15.0
        cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_display_cast",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.8.255"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_display",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.11.348"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_application",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.10.7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_ev_station",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.15 "
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_ev_station_pro",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.15.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:34:11.302957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:46.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:55.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Application",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "3.10.7",
                  "status": "affected",
                  "version": "3.10.7",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect EV Station",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.2.15",
                  "status": "affected",
                  "version": "1.2.15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect EV Station Pro ",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.2.15",
                  "status": "affected",
                  "version": "1.2.15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Display",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.11.348",
                  "status": "affected",
                  "version": "1.11.348",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Display Cast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.8.255",
                  "status": "affected",
                  "version": "1.8.255",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T16:40:02.502Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2024-29207",
        "datePublished": "2024-05-07T16:40:02.502Z",
        "dateReserved": "2024-03-19T01:04:06.323Z",
        "dateUpdated": "2024-08-02T01:10:55.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-50746 (GCVE-0-2026-50746)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi Connect Application Affected: 0 , < 3.4.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:49:51.709672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:15.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Application",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "3.4.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.907Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50746",
        "datePublished": "2026-07-02T14:49:16.907Z",
        "dateReserved": "2026-06-06T15:00:09.780Z",
        "dateUpdated": "2026-07-02T15:52:15.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29207 (GCVE-0-2024-29207)

    Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
    VLAI
    Summary
    An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi Connect Application Affected: 3.10.7 , < 3.10.7 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect EV Station Affected: 1.2.15 , < 1.2.15 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect EV Station Pro Affected: 1.2.15 , < 1.2.15 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect Display Affected: 1.11.348 , < 1.11.348 (semver)
    Create a notification for this product.
    Ubiquiti Inc UniFi Connect Display Cast Affected: 1.8.255 , < 1.8.255 (semver)
    Create a notification for this product.
    ubiquiti unifi_connect_display_cast Affected: 1.8.255
        cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_display Affected: 1.11.348
        cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_application Affected: 3.10.7
        cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_ev_station Affected: 1.2.15
        cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*
    Create a notification for this product.
    ubiquiti unifi_connect_ev_station_pro Affected: 1.2.15.0
        cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_display_cast",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.8.255"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_display",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.11.348"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_application",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.10.7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_ev_station",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.15 "
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_connect_ev_station_pro",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.15.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:34:11.302957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:46.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:55.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Application",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "3.10.7",
                  "status": "affected",
                  "version": "3.10.7",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect EV Station",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.2.15",
                  "status": "affected",
                  "version": "1.2.15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect EV Station Pro ",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.2.15",
                  "status": "affected",
                  "version": "1.2.15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Display",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.11.348",
                  "status": "affected",
                  "version": "1.11.348",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Connect Display Cast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "1.8.255",
                  "status": "affected",
                  "version": "1.8.255",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T16:40:02.502Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2024-29207",
        "datePublished": "2024-05-07T16:40:02.502Z",
        "dateReserved": "2024-03-19T01:04:06.323Z",
        "dateUpdated": "2024-08-02T01:10:55.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }