ReportizFlow
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.
Affected Products:
UniFi Network Application (Version 8.0.28 and earlier) .
Mitigation:
Update UniFi Network Application to Version 8.1.113 or later.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ubiquiti |
|
No data.
No data.
References
History
Tue, 18 Mar 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ubiquiti
Ubiquiti unifi Network Application |
|
| Weaknesses | CWE-77 | |
| CPEs | cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Network Application |
|
| Metrics |
cvssV3_1
|
Fri, 13 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | ||
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Network Application |
|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-04-04T22:16:29.361Z
Updated: 2025-03-18T20:10:28.730Z
Reserved: 2024-02-29T01:04:06.640Z
Link: CVE-2024-27981
Vulnrichment
Updated: 2024-08-02T00:41:56.017Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T23:15:15.837
Modified: 2025-03-18T21:15:24.477
Link: CVE-2024-27981
Redhat
No data.