Search
Find a vulnerability
Search criteria
4 vulnerabilities found for UniFi Network Controller by Ubiquiti
CVE-2019-25652 (GCVE-0-2019-25652)
Vulnerability from nvd – Published: 2026-03-27 21:19 – Updated: 2026-05-25 23:41
VLAI
Title
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
Summary
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.ui.com/releases/Security-Adviso… | vendor-advisory |
| https://www.vulncheck.com/advisories/unifi-networ… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti | UniFi Network Controller |
Affected:
0 , < 5.6.42
(semver)
Affected: 5.6.43 , < 5.10.22 (semver) Affected: 5.11 , < 5.11.18 (custom) |
Date Public
2019-05-15 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:56:22.209974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:56:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Controller",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "5.6.42",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10.22",
"status": "affected",
"version": "5.6.43",
"versionType": "semver"
},
{
"lessThan": "5.11.18",
"status": "affected",
"version": "5.11",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:09.449Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/unifi-network-controller-improper-certificate-validation-leading-to-credential-theft-via-mitm"
}
],
"title": "UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25652",
"datePublished": "2026-03-27T21:19:26.490Z",
"dateReserved": "2026-03-26T20:33:10.586Z",
"dateUpdated": "2026-05-25T23:41:09.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25651 (GCVE-0-2019-25651)
Vulnerability from nvd – Published: 2026-03-27 21:16 – Updated: 2026-05-25 23:41
VLAI
Title
Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control
Summary
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.ui.com/releases/Security-Adviso… | vendor-advisory |
| https://www.vulncheck.com/advisories/ubiquiti-uni… | third-party-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti | UniFi Network Controller |
Affected:
0 , < 5.6.42
(semver)
Affected: 5.6.43 , < 5.10.12 (semver) |
|
| Ubiquiti | UniFi UAP Firmware |
Affected:
0 , < 4.0.6
(semver)
|
|
| Ubiquiti | UniFi UAP-AC Firmware |
Affected:
0 , < 3.8.17
(semver)
|
|
| Ubiquiti | UniFi USW Firmware |
Affected:
0 , < 4.0.6
(semver)
|
|
| Ubiquiti | UniFi USG Firmware |
Affected:
0 , < 4.4.34
(semver)
|
Date Public
2019-05-15 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T17:51:04.700943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:55:00.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Controller",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "5.6.42",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10.12",
"status": "affected",
"version": "5.6.43",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi UAP Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi UAP-AC Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "3.8.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi USW Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi USG Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.4.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2019-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:08.799Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-control"
}
],
"title": "Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25651",
"datePublished": "2026-03-27T21:16:30.611Z",
"dateReserved": "2026-03-26T20:24:49.635Z",
"dateUpdated": "2026-05-25T23:41:08.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25652 (GCVE-0-2019-25652)
Vulnerability from cvelistv5 – Published: 2026-03-27 21:19 – Updated: 2026-05-25 23:41
VLAI
Title
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
Summary
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.ui.com/releases/Security-Adviso… | vendor-advisory |
| https://www.vulncheck.com/advisories/unifi-networ… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti | UniFi Network Controller |
Affected:
0 , < 5.6.42
(semver)
Affected: 5.6.43 , < 5.10.22 (semver) Affected: 5.11 , < 5.11.18 (custom) |
Date Public
2019-05-15 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:56:22.209974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:56:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Controller",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "5.6.42",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10.22",
"status": "affected",
"version": "5.6.43",
"versionType": "semver"
},
{
"lessThan": "5.11.18",
"status": "affected",
"version": "5.11",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:09.449Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/unifi-network-controller-improper-certificate-validation-leading-to-credential-theft-via-mitm"
}
],
"title": "UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25652",
"datePublished": "2026-03-27T21:19:26.490Z",
"dateReserved": "2026-03-26T20:33:10.586Z",
"dateUpdated": "2026-05-25T23:41:09.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25651 (GCVE-0-2019-25651)
Vulnerability from cvelistv5 – Published: 2026-03-27 21:16 – Updated: 2026-05-25 23:41
VLAI
Title
Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control
Summary
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.ui.com/releases/Security-Adviso… | vendor-advisory |
| https://www.vulncheck.com/advisories/ubiquiti-uni… | third-party-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti | UniFi Network Controller |
Affected:
0 , < 5.6.42
(semver)
Affected: 5.6.43 , < 5.10.12 (semver) |
|
| Ubiquiti | UniFi UAP Firmware |
Affected:
0 , < 4.0.6
(semver)
|
|
| Ubiquiti | UniFi UAP-AC Firmware |
Affected:
0 , < 3.8.17
(semver)
|
|
| Ubiquiti | UniFi USW Firmware |
Affected:
0 , < 4.0.6
(semver)
|
|
| Ubiquiti | UniFi USG Firmware |
Affected:
0 , < 4.4.34
(semver)
|
Date Public
2019-05-15 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T17:51:04.700943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:55:00.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi Network Controller",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "5.6.42",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10.12",
"status": "affected",
"version": "5.6.43",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi UAP Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi UAP-AC Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "3.8.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi USW Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UniFi USG Firmware",
"vendor": "Ubiquiti",
"versions": [
{
"lessThan": "4.4.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2019-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:08.799Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-004-004/462e561b-9efd-4c23-bfa7-53d59cc64ecb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ubiquiti-unifi-devices-use-of-aes-cbc-allows-key-recovery-and-unauthorized-device-control"
}
],
"title": "Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25651",
"datePublished": "2026-03-27T21:16:30.611Z",
"dateReserved": "2026-03-26T20:24:49.635Z",
"dateUpdated": "2026-05-25T23:41:08.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}