← back
CVE-2024-22054

CVE-2024-22054

CVSS 7.5 HIGHEPSS 0.5%CWE-20
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Ubiquiti Inc · UniFi Access PointsUbiquiti Inc · UniFi ExpressUbiquiti Inc · UniFi LTE BackupUbiquiti Inc · UniFi Switches

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027