CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-27888

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://community.ui.com/questions/Possible-authentication-bypass-for-access-into-LAN/7965adb2-5d70-4410-8467-4c7bec76bc00
https://community.ui.com/questions/Possible-authentication-bypass-for-access-into-LAN/7965adb2-5d70-4410-8467-4c7bec76bc00

Products affected by CVE-2020-27888

Ui » Unifi Controller » Version: N/A

cpe:2.3:h:ui:unifi_controller:-
Ui » Unifi Meshing Access Point » Version: N/A

cpe:2.3:h:ui:unifi_meshing_access_point:-
Ui » Unifi Controller Firmware » Version: 6.0.28

cpe:2.3:o:ui:unifi_controller_firmware:6.0.28
Ui » Unifi Meshing Access Point Firmware » Version: 4.3.21.11325

cpe:2.3:o:ui:unifi_meshing_access_point_firmware:4.3.21.11325

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27888

Products

Pricing

Contact Us