CVE-2022-22570 — CRITICAL (10.0)

Q: How severe is CVE-2022-22570?

CVE-2022-22570 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-22570?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Ua Lite Firmware, Ui Ua Lite.

Vulnerability Description

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ui	Ua Lite Firmware	< 3.8.31.13
Ui	Ua Lite	-

Related Weaknesses (CWE)

CWE-120

References

https://community.ui.com/releases/Security-Advisory-Bulletin-024-024/22725557-0fVendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-024-024/22725557-0fVendor Advisory

FAQ

What is CVE-2022-22570?

CVE-2022-22570 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control a...

How severe is CVE-2022-22570?

CVE-2022-22570 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-22570?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Ua Lite Firmware, Ui Ua Lite.