Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41721

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.

Published

2023-10-25T18:17:30.987

Last Modified

2024-11-21T08:21:32.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ui	unifi_network_application	≤ 7.5.176	Yes
Hardware	ui	unifi_dream_machine	-	No
Hardware	ui	unifi_dream_machine_pro	-	No
Hardware	ui	unifi_dream_machine_special_edition	-	No
Hardware	ui	unifi_dream_router	-	No
Hardware	ui	unifi_dream_wall	-	No

References

https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 Issue Tracking, Vendor Advisory ([email protected])
https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)