A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
2023-08-10T19:15:09.803
2024-11-21T08:12:43.107
Modified
CVSSv3.1: 9.8 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | ui | unifi_uap_firmware | ≤ 6.5.53 | Yes |
| Hardware | ui | u6\+ | - | No |
| Hardware | ui | u6-enterprise | - | No |
| Hardware | ui | u6-enterprise-iw | - | No |
| Hardware | ui | u6-extender | - | No |
| Hardware | ui | u6-iw | - | No |
| Hardware | ui | u6-lite | - | No |
| Hardware | ui | u6-lr | - | No |
| Hardware | ui | u6-mesh | - | No |
| Hardware | ui | u6-pro | - | No |
| Hardware | ui | uap-ac-iw | - | No |
| Hardware | ui | uap-ac-lite | - | No |
| Hardware | ui | uap-ac-lr | - | No |
| Hardware | ui | uap-ac-m | - | No |
| Hardware | ui | uap-ac-m-pro | - | No |
| Hardware | ui | uap-ac-pro | - | No |
| Hardware | ui | ubb | - | No |
| Hardware | ui | ubb-xg | - | No |
| Hardware | ui | uwb-xg | - | No |
| Operating System | ui | unifi_switch_firmware | ≤ 6.5.32 | Yes |
| Hardware | ui | us-16-150w | - | No |
| Hardware | ui | us-24-250w | - | No |
| Hardware | ui | us-48-500w | - | No |
| Hardware | ui | us-8-150w | - | No |
| Hardware | ui | us-8-60w | - | No |
| Hardware | ui | us-xg-6poe | - | No |
| Hardware | ui | usw-16-poe | - | No |
| Hardware | ui | usw-24 | - | No |
| Hardware | ui | usw-24-poe | - | No |
| Hardware | ui | usw-48 | - | No |
| Hardware | ui | usw-48-poe | - | No |
| Hardware | ui | usw-aggregation | - | No |
| Hardware | ui | usw-enterprise-24-poe | - | No |
| Hardware | ui | usw-enterprise-48-poe | - | No |
| Hardware | ui | usw-enterprise-8-poe | - | No |
| Hardware | ui | usw-enterprisexg-24 | - | No |
| Hardware | ui | usw-flex | - | No |
| Hardware | ui | usw-flex-xg | - | No |
| Hardware | ui | usw-industrial | - | No |
| Hardware | ui | usw-lite-16-poe | - | No |
| Hardware | ui | usw-lite-8-poe | - | No |
| Hardware | ui | usw-mission-critical | - | No |
| Hardware | ui | usw-pro-24 | - | No |
| Hardware | ui | usw-pro-24-poe | - | No |
| Hardware | ui | usw-pro-48 | - | No |
| Hardware | ui | usw-pro-48-poe | - | No |
| Hardware | ui | usw-pro-aggregation | - | No |