CNNVD-202510-4362 Information

CNNVD ID

CNNVD-202510-4362

Related CVE

CVE-2025-52663

• CNNVD Published: 2025-10-31

Description (Chinese)

Ubiquiti UniFi Talk Touch等都是美国优比快（Ubiquiti）公司的一款IP电话机。 Ubiquiti多款产品存在安全漏洞，该漏洞源于内部调试功能意外启用，可能导致攻击者通过设备API调用内部调试操作。以下产品及版本受到影响：UniFi Talk Touch 1.21.16及之前版本、UniFi Talk Touch Max 2.21.22及之前版本和UniFi Talk G3 Phones 3.21.26及之前版本。

Description (English)

Ubiquiti UniFi Talk Touch and others are an IP telephone set for Ubiquiti. There is a safety loophole in multiple Ubiquiti products, which stems from the accidental commissioning of the internal debug function, which may lead to the attacker calling for internal debugging operations through the API. The following products and versions were affected: UniFi Talk Touch 1.21.16 and earlier, UniFi Talk Touch Max 2.21.22 and earlier and UniFi Talk G3 Phones 3.21.26 and earlier.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

优比快

Published

2025-10-31

Last Modified

2026-02-24

References

https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e https://access.redhat.com/security/cve/cve-2025-52663

Patch

https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e