CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-34786: UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network...

Description

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.

This vulnerability is fixed in UniFi iOS app 10.15.2 and later.

Classification

CVE ID: CVE-2024-34786

Affected Products

Vendor: Ubiquiti

Product: UniFi iOS App

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.88% (scored less or equal to compared to others)

EPSS Date: 2025-03-11 (when was this score calculated)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0

Timeline

2025-02-11 00:32:56 UTC
CVE

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network...