CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54750
https://notcve.org/view.php?id=CVE-2024-54750
06 Dec 2024 — Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before. • https://colorful-meadow-5b9.notion.site/U6-LR_HardCode_vuln-14bc216a1c30806487ebdda3bb984e91?pvs=4 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 2%CPEs: 47EXPL: 1CVE-2023-35085
https://notcve.org/view.php?id=CVE-2023-35085
10 Aug 2023 — An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. An integer overflow vulnerability in all UniFi... • https://github.com/maoruiQa/CVE-2023-35085-POC-EXP • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 47EXPL: 0CVE-2023-38034
https://notcve.org/view.php?id=CVE-2023-38034
10 Aug 2023 — A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. A command injection vulnerability in the DHCP Client function of all Uni... • https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •