CVE-2024-22054

HIGH

UniFi Devices < 6.6.61 DoS via Malformed Discovery Packet

Title source: llm

Description

A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.

References (1)

Core 1

Core References

Release Notes

https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027

Scores

CVSS v3 7.5

EPSS 0.0052

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (4)

Ubiquiti Inc/UniFi Access Points 6.6.55

Ubiquiti Inc/UniFi Express 3.2.5

Ubiquiti Inc/UniFi LTE Backup 6.6.57

Ubiquiti Inc/UniFi Switches 6.6.61

Published Feb 20, 2024

Tracked Since Feb 18, 2026