CVE-2023-41721
MEDIUMUniFi Network Application < 7.5.176 - Improper Access Control in Device Adoption
Title source: llmDescription
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615
Scores
CVSS v3
5.3
EPSS
0.0059
EPSS Percentile
43.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
ui/unifi_network_application
< 7.5.176
Published
Oct 25, 2023
Tracked Since
Feb 18, 2026