Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

Unauthenticated request allows changing hostname

Medium
U
Ubiquiti Inc.
Submitted None

Team Summary

Official summary from Ubiquiti Inc.

We have recently released new version of UniFi Cloud Key firmware that fixes a vulnerability found on v1.1.6 and prior for Cloud Key gen2 and Cloud Key gen2 Plus, according to the description below: Unauthenticated API requests allow changing device hostname. ###Affected Products: UniFi Cloud Key Gen2 UniFi Cloud Key Gen2 Plus ###Mitigation: Update to latest UniFi Cloud key Gen2 and UniFi Cloud Key Gen2 Plus Firmware version available at UniFi Cloud Key Gen2 download page. ###Reference Link: https://community.ui.com/releases/Security-advisory-bulletin-007-007/eb639fa0-68ad-4bf5-9663-3b760eb2f93a

Actions:
View on HackerOne
Reported by giany

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Improper Authentication - Generic