Unrated severityNVD Advisory· Published Aug 10, 2023· Updated Dec 4, 2024

CVE-2023-38034

Description

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).

Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded.

Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Affected products

Ubiquiti Inc/UniFi Switchesllm-fuzzy2 versions
<=6.5.32+ 1 more
- (no CPE)range: <=6.5.32
- (no CPE)range: 6.5.32
Ubiquiti Inc/Unifillm-fuzzy
Ubiquiti Inc/UniFi U6+ Access Pointllm-fuzzy2 versions
<=6.5.53+ 1 more
- (no CPE)range: <=6.5.53
- (no CPE)range: 6.5.53

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000