CVE-2023-38034 Information

Description

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches excluding the Switch Flex Mini could allow a Remote Code Execution (RCE).

Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded.

Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Reference

https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56