Ubiquiti Networks EV Station EVCLauncher Improper Certificate Validation Vulnerability [CVE-2024-29207]

June 24, 2024 Jason Davies 625 Views 0 Comments CVE-2024-29207, Improper Certificate Validation Vulnerability, Ubiquiti Networks 0 min read

CVE number = CVE-2024-29207

CVSS score = 6.3

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Ubiquiti Networks EV Station.

User interaction is not required to exploit this vulnerability.

The specific flaw exists within the EVCLauncher application.

The issue results from the lack of proper validation of the certificate presented by the server.

An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the application.

Ubiquiti Networks has issued an update to correct this vulnerability.
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Ubiquiti Networks EV Station EVCLauncher Improper Certificate Validation Vulnerability [CVE-2024-29207]

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply