CVE-2020-8148
First published: Mon Apr 13 2020(Updated: )
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Cloud Key Gen2 | <=1.1.6 | |
| Ui Cloud Key Gen2 Plus | <=1.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this UniFi Cloud Key firmware vulnerability?
The vulnerability ID of this UniFi Cloud Key firmware vulnerability is CVE-2020-8148.
What is the severity level of CVE-2020-8148?
CVE-2020-8148 has a severity level of medium.
How does CVE-2020-8148 affect UniFi Cloud Key Gen2 and Cloud Key Gen2 Plus?
CVE-2020-8148 allows an attacker to change the device hostname of UniFi Cloud Key Gen2 and Cloud Key Gen2 Plus.
What is the affected firmware version for UniFi Cloud Key Gen2 and Cloud Key Gen2 Plus?
The affected firmware version for UniFi Cloud Key Gen2 and Cloud Key Gen2 Plus is < 1.1.6.
Is there a fix available for CVE-2020-8148?
Yes, updating the firmware to version 1.1.6 or later will fix the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui cloud key gen2
- version/ui cloud key gen2/1.1.6
- canonical/ui cloud key gen2 plus
- version/ui cloud key gen2 plus/1.1.6