Unintended Network Access via Cached Credentials on Ubiquiti UniFi Meshing Access Point

Unintended Network Access via Cached Credentials on Ubiquiti UniFi Meshing Access Point

CVE-2020-27888 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.

Learn more about our Network Penetration Testing.