{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34786", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-05-09T01:04:06.436Z", "datePublished": "2024-07-09T01:07:28.069Z", "dateUpdated": "2025-02-10T23:05:24.331Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.\n\nThis vulnerability is fixed in UniFi iOS app 10.15.2 and later."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti", "product": "UniFi iOS App", "versions": [{"version": "10.15.2", "status": "affected", "lessThan": "10.15.2", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-07-09T01:07:28.069Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T17:46:06.532540Z", "id": "CVE-2024-34786", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T23:05:24.331Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.620Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.620Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T17:46:06.532540Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T17:46:55.620Z"}}], "cna": {"affected": [{"vendor": "Ubiquiti", "product": "UniFi iOS App", "versions": [{"status": "affected", "version": "10.15.2", "lessThan": "10.15.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0"}], "descriptions": [{"lang": "en", "value": "UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.\n\nThis vulnerability is fixed in UniFi iOS app 10.15.2 and later."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-07-09T01:07:28.069Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34786", "state": "PUBLISHED", "dateUpdated": "2025-02-10T23:05:24.331Z", "dateReserved": "2024-05-09T01:04:06.436Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-07-09T01:07:28.069Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio.\n\nThis vulnerability is fixed in UniFi iOS app 10.15.2 and later."}, {"lang": "es", "value": "La aplicaci\u00f3n UniFi iOS 10.15.0 introduce una configuraci\u00f3n incorrecta en los puntos de acceso UniFi de segunda generaci\u00f3n configurados como independientes (sin usar la aplicaci\u00f3n de red UniFi) que podr\u00eda provocar que el nombre SSID cambie y/o que se elimine la contrase\u00f1a WiFi en la radio de 5 GHz. Esta vulnerabilidad se solucion\u00f3 en la aplicaci\u00f3n UniFi iOS 10.15.2 y posteriores."}], "id": "CVE-2024-34786", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-09T02:15:10.177", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-040-040/b4b508c0-8453-405b-8660-1f55ade669c0"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred"}

{}

{}