CVE-2020-27888

HIGH

Ubiquiti UniFi Meshing Access Point UAP-AC-M <4.3.21.11325 & UniFi ...

Title source: llm

Description

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.

References (1)

[Vendor Advisory] https://community.ui.com/questions/Possible-authentication-bypass-for-access-into-LAN/7965adb2-5d70-4410-8467-4c7bec76bc00

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 50.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-459

Status published

Affected Products (2)

ui/unifi_meshing_access_point_firmware

ui/unifi_controller_firmware

Timeline

Published Oct 27, 2020

Tracked Since Feb 18, 2026