Ubiquiti Networks EV Station changeUserPassword Missing Authentication Remote Code Execution Vulnerability [CVE-2024-29208]

June 24, 2024 Kerry Dean 665 Views 0 Comments CVE-2024-29208, Remote Code Execution Vulnerability, Ubiquiti Networks 0 min read

CVE number = CVE-2024-29208

CVSS score = 8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station.

Authentication is not required to exploit this vulnerability.

The specific flaw exists within the password change functionality.

The issue results from the lack of proper validation of the old password before setting a new password.

An attacker can leverage this vulnerability to execute code in the context of the device.

Ubiquiti Networks has issued an update to correct this vulnerability.
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09

Kerry Dean

Kerry is a Content Creator at www.systemtek.co.uk she has spent many years working in IT support, her main interests are computing, networking and AI.

Ubiquiti Networks EV Station changeUserPassword Missing Authentication Remote Code Execution Vulnerability [CVE-2024-29208]

Like this:

Related Posts

Kerry Dean

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Kerry Dean

Leave a ReplyCancel reply