CVE-2024-34786

2024-07-0901:07:28

hackerone

www.cve.org

unifi

ios

misconfiguration

vulnerability

2nd generation

access points

standalone

ssid

wifi password

5ghz radio

fixed

EPSS

Percentile

9.2%

JSON

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.

This vulnerability is fixed in UniFi iOS app 10.15.2 and later.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ubiquiti",
    "product": "UniFi iOS App",
    "versions": [
      {
        "version": "10.15.2",
        "status": "affected",
        "lessThan": "10.15.2",
        "versionType": "semver"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-34786