Vulnerability Details CVE-2020-8157
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.3%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413
- https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d
- https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413
- https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d
Products affected by CVE-2020-8157
-
cpe:2.3:h:ui:unifi_cloud_key_gen2:-
-
cpe:2.3:h:ui:unifi_cloud_key_gen2_plus:-
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:-
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.0.11
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.0.3
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.0.6
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.0.9
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.1.0
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.1.10
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_firmware:1.1.6
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:-
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.0.11
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.0.3
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.0.6
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.0.9
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.1.0
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.1.10
-
cpe:2.3:o:ui:unifi_cloud_key_gen2_plus_firmware:1.1.6