An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password.

Affected Products:

UniFi Connect EV Station (Version 1.1.18 and earlier)

UniFi Connect EV Station Pro (Version 1.1.18 and earlier)

UniFi Connect Display (Version 1.9.324 and earlier)

UniFi Connect Display Cast (Version 1.6.225 and earlier)

Mitigation:

Update UniFi Connect Application to Version 3.10.7 or later.

Update UniFi Connect EV Station to Version 1.2.15 or later.

Update UniFi Connect EV Station Pro to Version 1.2.15 or later.

Update UniFi Connect Display to Version 1.11.348 or later.

Update UniFi Connect Display Cast to Version 1.8.255 or later.

Related CVEs

CVE-2024-29208

Key Information

GHSA ID

GHSA-972x-xwpx-cr2c

Published

May 7, 2024 6:30 PM

Last Modified

May 7, 2024 6:30 PM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.