SB2024070470 - Multiple vulnerabilities in Ubiquiti Networks products

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2024-29206)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the setDebugPortEnabled method. A remote administrator can enable Android Debug Bridge (ADB) and make unsupported changes to the system.

2) Unverified Password Change (CVE-ID: CVE-2024-29208)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to lack of proper validation of the old password before setting a new password. A remote administrator can change the system password without knowing the previous password.

3) Improper Certificate Validation (CVE-ID: CVE-2024-29207)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper server certificate verification within the EVCLauncher application. A remote attacker on the local network can take control of the system.

Remediation

Install update from vendor's website.

References

• https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09
• https://www.zerodayinitiative.com/advisories/ZDI-24-881/
• https://www.zerodayinitiative.com/advisories/ZDI-24-879/
• https://www.zerodayinitiative.com/advisories/ZDI-24-880/