ByteOS Network

NVD Vulnerability Details :

CVE-2024-29208

Awaiting Analysis

Source-support@hackerone.com

Published At-07 May, 2024 | 17:15

Updated At-03 Jul, 2024 | 01:52

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	2.2	LOW	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.0

Base score: 2.2

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-521	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-521

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09	support@hackerone.com	N/A

Hyperlink: https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09

Source: support@hackerone.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History