CVE-2024-29206 in UniFi Connect EV Station

Summary

by MITRE • 05/07/2024

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.



Affected Products:

UniFi Connect EV Station (Version 1.1.18 and earlier)

UniFi Connect EV Station Pro (Version 1.1.18 and earlier)

UniFi Access G2 Reader Pro (Version 1.2.172 and earlier)

UniFi Access Reader Pro (Version 2.7.238 and earlier)

UniFi Access Intercom (Version 1.0.66 and earlier)

UniFi Access Intercom Viewer (Version 1.0.5 and earlier)

UniFi Connect Display (Version 1.9.324 and earlier)

UniFi Connect Display Cast (Version 1.6.225 and earlier)



Mitigation:

Update UniFi Connect Application to Version 3.10.7 or later.

Update UniFi Connect EV Station to Version 1.2.15 or later.

Update UniFi Connect EV Station Pro to Version 1.2.15 or later.

Update UniFi Access G2 Reader Pro to Version 1.3.37 or later.

Update UniFi Access Reader Pro to Version 2.8.19 or later.

Update UniFi Access Intercom to Version 1.1.32 or later.

Update UniFi Access Intercom Viewer to Version 1.1.6 or later.

Update UniFi Connect Display to Version 1.11.348 or later.

Update UniFi Connect Display Cast to Version 1.8.255 or later.
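An added example, not part of the VulDB record or Ubiquiti's advisory: a small Python inventory check that compares each device's firmware version against the last affected and first fixed versions listed above. The device identifiers in the sample inventory are constructed; versions between the last affected and first fixed release are reported as "unknown" because the advisory does not describe them.

```python
# Added example (not VulDB's or Ubiquiti's code): assess a device inventory
# against the version ranges this advisory gives for CVE-2024-29206.
from typing import Dict, List, Tuple

# (last affected version, first fixed version), copied from the advisory text
ADVISORY: Dict[str, Tuple[str, str]] = {
    "UniFi Connect EV Station": ("1.1.18", "1.2.15"),
    "UniFi Connect EV Station Pro": ("1.1.18", "1.2.15"),
    "UniFi Access G2 Reader Pro": ("1.2.172", "1.3.37"),
    "UniFi Access Reader Pro": ("2.7.238", "2.8.19"),
    "UniFi Access Intercom": ("1.0.66", "1.1.32"),
    "UniFi Access Intercom Viewer": ("1.0.5", "1.1.6"),
    "UniFi Connect Display": ("1.9.324", "1.11.348"),
    "UniFi Connect Display Cast": ("1.6.225", "1.8.255"),
}

def parse_version(v: str) -> Tuple[int, ...]:
    # Compare dotted versions as integer tuples, not strings:
    # as strings "1.11.348" < "1.9.324", which would misclassify a fixed Display.
    return tuple(int(part) for part in v.strip().split("."))

def assess(product: str, version: str) -> str:
    # One of: "not listed", "vulnerable", "fixed", "unknown"
    if product not in ADVISORY:
        return "not listed"
    last_bad, first_good = ADVISORY[product]
    v = parse_version(version)
    if v <= parse_version(last_bad):
        return "vulnerable"
    if v >= parse_version(first_good):
        return "fixed"
    return "unknown"  # between the two boundaries; the advisory is silent here

def assess_inventory(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    # inventory rows are (device id, product name, firmware version);
    # result groups device ids by status for a patch-tracking list
    grouped: Dict[str, List[str]] = {}
    for device_id, product, version in inventory:
        grouped.setdefault(assess(product, version), []).append(device_id)
    return grouped

# Constructed sample inventory (device ids are made up for this example)
SAMPLE_INVENTORY = [
    ("ev-01", "UniFi Connect EV Station", "1.1.18"),
    ("disp-02", "UniFi Connect Display", "1.11.348"),
    ("rdr-03", "UniFi Access Reader Pro", "2.8.0"),
    ("rdr-04", "UniFi Access G2 Reader Pro", "1.2.9"),
]

if __name__ == "__main__":
    for status, ids in sorted(assess_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(ids)}")
```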


Analysis

by VulDB Data Team • 05/07/2024

This vulnerability represents a critical improper access control flaw that undermines the security posture of multiple UniFi access control and charging station devices. The issue allows authenticated attackers to enable Android Debug Bridge functionality and execute unsupported system modifications, creating a significant vector for privilege escalation and system compromise. The vulnerability affects a diverse range of hardware including EV charging stations, access readers, intercoms, and display devices from the UniFi Connect ecosystem. From a cybersecurity perspective, this represents a failure in the principle of least privilege where legitimate authenticated users can gain unauthorized system-level capabilities that should remain restricted to administrative or system-level operations.

The technical implementation of this vulnerability stems from inadequate authorization controls within the API authentication framework. When users authenticate to the system, the access control mechanisms fail to properly validate whether the authenticated session should be granted elevated privileges for enabling ADB functionality. This misconfiguration allows attackers to escalate their privileges through legitimate API endpoints that should only be accessible to system administrators or device maintenance personnel. The vulnerability manifests as a lack of proper session management and privilege validation, where the system does not adequately verify the security context of authenticated users before granting access to sensitive operational functions.

The operational impact of this vulnerability extends beyond simple unauthorized access to potential complete system compromise. Once ADB is enabled, attackers can gain root-level access to the device operating system, allowing them to modify system files, install malicious applications, extract sensitive data, or establish persistent backdoors. This creates a pathway for attackers to compromise the entire access control infrastructure, potentially affecting multiple devices within the network. The vulnerability particularly concerns security professionals because it enables attackers to bypass traditional network security controls and operate at the device level, making detection and attribution significantly more challenging. From an ATT&CK framework perspective, this vulnerability maps to privilege escalation techniques and persistence mechanisms, specifically covering tactics such as privilege escalation through abuse of administrative tools and persistence through system modifications.

The affected product line demonstrates a concerning pattern of security flaws across multiple device categories within the UniFi ecosystem, suggesting a systemic issue in the software development lifecycle or security architecture. The vulnerability affects both hardware and software components, indicating that the access control implementation spans across various firmware and application layers. This widespread impact across different device types suggests that the root cause likely resides in a shared authentication or authorization module rather than being isolated to specific device implementations. The vulnerability's presence in both standard and professional variants indicates that the security controls were not properly implemented across the entire product portfolio, creating a consistent risk profile throughout the device ecosystem. Organizations using these devices face significant operational risks including potential unauthorized physical access, data breaches, and disruption of critical access control services that could impact building security and safety operations.

Mitigation efforts require comprehensive firmware and application updates across all affected device types, with particular attention to ensuring that update processes maintain proper access controls and do not introduce additional vulnerabilities during the upgrade process. The recommended updates address the specific access control flaws by implementing proper session validation and privilege enforcement mechanisms. Security teams should conduct thorough risk assessments to determine the scope of potential compromise within their environments, particularly focusing on devices that have been exposed to authenticated attackers. Additionally, organizations should implement network segmentation and monitoring controls to detect unauthorized ADB usage or other suspicious activities that might indicate exploitation attempts. The vulnerability highlights the importance of maintaining current firmware versions and implementing robust change management processes to ensure that security updates are properly deployed and validated across all networked devices.

Reservation

03/19/2024

Disclosure

05/07/2024

Moderation

accepted

CPE

ready

EPSS

0.00440

KEV

no

Activities

very low
