CVE-2023-38034: Command Injection
First published: Thu Aug 10 2023(Updated: )
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Unifi Uap Firmware | <=6.5.53 | |
| Ui U6\+ | ||
| Ui U6-enterprise | ||
| Ui U6-enterprise-iw | ||
| Ui U6-extender | ||
| Ui U6-iw | ||
| Ui U6-lite | ||
| Ui U6-lr | ||
| Ui U6-mesh | ||
| Ui U6-pro | ||
| Ui Uap-ac-iw | ||
| Ui Uap-ac-lite | ||
| Ui Uap-ac-lr | ||
| Ui Uap-ac-m | ||
| Ui Uap-ac-m-pro | ||
| Ui Uap-ac-pro | ||
| Ui Ubb | ||
| Ui Ubb-xg | ||
| Ui Uwb-xg | ||
| Ui Unifi Switch Firmware | <=6.5.32 | |
| Ui Us-16-150w | ||
| Ui Us-24-250w | ||
| Ui Us-48-500w | ||
| Ui Us-8-150w | ||
| Ui Us-8-60w | ||
| Ui Us-xg-6poe | ||
| Ui Usw-16-poe | ||
| Ui Usw-24 | ||
| Ui Usw-24-poe | ||
| Ui Usw-48 | ||
| Ui Usw-48-poe | ||
| Ui Usw-aggregation | ||
| Ui Usw-enterprise-24-poe | ||
| Ui Usw-enterprise-48-poe | ||
| Ui Usw-enterprise-8-poe | ||
| Ui Usw-enterprisexg-24 | ||
| Ui Usw-flex | ||
| Ui Usw-flex-xg | ||
| Ui Usw-industrial | ||
| Ui Usw-lite-16-poe | ||
| Ui Usw-lite-8-poe | ||
| Ui Usw-mission-critical | ||
| Ui Usw-pro-24 | ||
| Ui Usw-pro-24-poe | ||
| Ui Usw-pro-48 | ||
| Ui Usw-pro-48-poe | ||
| Ui Usw-pro-aggregation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-38034.
What is the severity of CVE-2023-38034?
The severity of CVE-2023-38034 is critical with a severity value of 9.8.
Which products are affected by CVE-2023-38034?
All UniFi Access Points (Version 6.5.53 and earlier) and all UniFi Switches (Version 6.5.32 and earlier) are affected by CVE-2023-38034, excluding the Switch Flex Mini.
How does CVE-2023-38034 impact the affected products?
CVE-2023-38034 is a command injection vulnerability in the DHCP Client function of the affected UniFi Access Points and Switches, which could allow remote code execution (RCE).
Is there a fix available for CVE-2023-38034?
Yes, a fix for CVE-2023-38034 is available. Please refer to the reference link for more information.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui unifi uap firmware
- version/ui unifi uap firmware/6.5.53
- canonical/ui u6\+
- canonical/ui u6-enterprise
- canonical/ui u6-enterprise-iw
- canonical/ui u6-extender
- canonical/ui u6-iw
- canonical/ui u6-lite
- canonical/ui u6-lr
- canonical/ui u6-mesh
- canonical/ui u6-pro
- canonical/ui uap-ac-iw
- canonical/ui uap-ac-lite
- canonical/ui uap-ac-lr
- canonical/ui uap-ac-m
- canonical/ui uap-ac-m-pro
- canonical/ui uap-ac-pro
- canonical/ui ubb
- canonical/ui ubb-xg
- canonical/ui uwb-xg
- canonical/ui unifi switch firmware
- version/ui unifi switch firmware/6.5.32
- canonical/ui us-16-150w
- canonical/ui us-24-250w
- canonical/ui us-48-500w
- canonical/ui us-8-150w
- canonical/ui us-8-60w
- canonical/ui us-xg-6poe
- canonical/ui usw-16-poe
- canonical/ui usw-24
- canonical/ui usw-24-poe
- canonical/ui usw-48
- canonical/ui usw-48-poe
- canonical/ui usw-aggregation
- canonical/ui usw-enterprise-24-poe
- canonical/ui usw-enterprise-48-poe
- canonical/ui usw-enterprise-8-poe
- canonical/ui usw-enterprisexg-24
- canonical/ui usw-flex
- canonical/ui usw-flex-xg
- canonical/ui usw-industrial
- canonical/ui usw-lite-16-poe
- canonical/ui usw-lite-8-poe
- canonical/ui usw-mission-critical
- canonical/ui usw-pro-24
- canonical/ui usw-pro-24-poe
- canonical/ui usw-pro-48
- canonical/ui usw-pro-48-poe
- canonical/ui usw-pro-aggregation