CVE-2024-54749 — HIGH (7.5)

Vulnerability Description

Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-798

References

https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_vuln-14bc216a1c30802e9c4

FAQ

What is CVE-2024-54749?

CVE-2024-54749 is a vulnerability with a CVSS score of 7.5 (HIGH). Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observa...

How severe is CVE-2024-54749?

CVE-2024-54749 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-54749?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.