Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Update UniFi Connect Display by Ubiquiti Inc
CVE-2024-29208 (GCVE-0-2024-29208)
Vulnerability from nvd – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
VLAI
Summary
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.
Affected Products:
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti Inc | Update UniFi Connect EV Station |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect EV Station Pro |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect Display |
Affected:
1.11.348 , < 1.11.348
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect Display Cast |
Affected:
1.8.255 , < 1.8.255
(semver)
|
|
| ubiquiti | unifi_connect_ev_station |
Affected:
1.2.15
cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_ev_station_pro |
Affected:
1.2.15
cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_display |
Affected:
1.11.348
cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_display_cast |
Affected:
1.8.255
cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.11.348"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display_cast",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.8.255"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:45:33.305337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:11.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.348",
"status": "affected",
"version": "1.11.348",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display Cast ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.255",
"status": "affected",
"version": "1.8.255",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T16:40:02.495Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-29208",
"datePublished": "2024-05-07T16:40:02.495Z",
"dateReserved": "2024-03-19T01:04:06.323Z",
"dateUpdated": "2024-08-02T01:10:54.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29208 (GCVE-0-2024-29208)
Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10
VLAI
Summary
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.
Affected Products:
UniFi Connect EV Station (Version 1.1.18 and earlier)
UniFi Connect EV Station Pro (Version 1.1.18 and earlier)
UniFi Connect Display (Version 1.9.324 and earlier)
UniFi Connect Display Cast (Version 1.6.225 and earlier)
Mitigation:
Update UniFi Connect Application to Version 3.10.7 or later.
Update UniFi Connect EV Station to Version 1.2.15 or later.
Update UniFi Connect EV Station Pro to Version 1.2.15 or later.
Update UniFi Connect Display to Version 1.11.348 or later.
Update UniFi Connect Display Cast to Version 1.8.255 or later.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti Inc | Update UniFi Connect EV Station |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect EV Station Pro |
Affected:
1.2.15 , < 1.2.15
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect Display |
Affected:
1.11.348 , < 1.11.348
(semver)
|
|
| Ubiquiti Inc | Update UniFi Connect Display Cast |
Affected:
1.8.255 , < 1.8.255
(semver)
|
|
| ubiquiti | unifi_connect_ev_station |
Affected:
1.2.15
cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_ev_station_pro |
Affected:
1.2.15
cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_display |
Affected:
1.11.348
cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:* |
|
| ubiquiti | unifi_connect_display_cast |
Affected:
1.8.255
cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_ev_station_pro",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.2.15"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.11.348"
}
]
},
{
"cpes": [
"cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifi_connect_display_cast",
"vendor": "ubiquiti",
"versions": [
{
"status": "affected",
"version": "1.8.255"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:45:33.305337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:11.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect EV Station Pro",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.2.15",
"status": "affected",
"version": "1.2.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.11.348",
"status": "affected",
"version": "1.11.348",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Update UniFi Connect Display Cast ",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "1.8.255",
"status": "affected",
"version": "1.8.255",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T16:40:02.495Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-29208",
"datePublished": "2024-05-07T16:40:02.495Z",
"dateReserved": "2024-03-19T01:04:06.323Z",
"dateUpdated": "2024-08-02T01:10:54.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}