Ubiquiti UniFi Network Authentication Bypass Vulnerability via MAC Address

Vulnerability

A vulnerability exists in Ubiquiti UniFi Network application versions through 9.1.120 that allows users to authenticate to Enterprise WiFi or VPN services (L2TP and OpenVPN) using a device's MAC address taken from 802.1X or MAC Authentication. The issue arises if both services are enabled and share the same RADIUS profile.

Impact

Exploitation of this vulnerability could lead to unauthorized access to Enterprise WiFi or VPN services, allowing users to authenticate based on MAC address rather than proper credentials.

Remediation

Users are advised to update the UniFi Network application to version 9.2.87 or later.
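
To check a deployment against the conditions above, the following added example (not Ubiquiti's code and not part of the original advisory) flags RADIUS profiles shared across services and classifies the installed version against the two version bounds given. The inventory format, field names and service type labels are hypothetical, and the sample data is constructed. It assumes "both services" means an 802.1X or MAC Authentication service together with Enterprise WiFi or a VPN server.

```python
import json

# Bounds quoted from the advisory text.
LAST_AFFECTED = (9, 1, 120)  # "versions through 9.1.120"
FIRST_FIXED = (9, 2, 87)     # "version 9.2.87 or later"

# Hypothetical service type labels for this example (not UniFi API values).
DEVICE_MAC_SOURCES = {"802.1x", "mac-auth"}
CREDENTIAL_SERVICES = {"enterprise-wifi", "l2tp", "openvpn"}

# Constructed inventory; the field names are assumptions, not a UniFi export.
SAMPLE = json.loads("""
{"network_version": "9.1.120",
 "services": [
  {"name": "Corp-WiFi",  "type": "enterprise-wifi", "enabled": true,  "radius_profile": "Default"},
  {"name": "Switch-1X",  "type": "802.1x",          "enabled": true,  "radius_profile": "Default"},
  {"name": "Remote-VPN", "type": "openvpn",         "enabled": true,  "radius_profile": "VPN-Only"},
  {"name": "IoT-MAC",    "type": "mac-auth",        "enabled": false, "radius_profile": "VPN-Only"}
 ]}
""")

def version_status(version):
    """Classify a dotted version against the two bounds the advisory gives."""
    v = tuple(int(part) for part in version.split("."))
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "unlisted"  # between the bounds: the advisory does not say

def shared_profiles(services):
    """RADIUS profiles used by enabled services on both sides of the condition."""
    kinds_by_profile = {}
    for svc in services:
        if svc.get("enabled") and svc.get("radius_profile"):
            kinds_by_profile.setdefault(svc["radius_profile"], set()).add(svc["type"])
    return sorted(p for p, kinds in kinds_by_profile.items()
                  if kinds & DEVICE_MAC_SOURCES and kinds & CREDENTIAL_SERVICES)

def audit(inventory):
    status = version_status(inventory["network_version"])
    shared = shared_profiles(inventory["services"])
    # Conservative: anything not known to be fixed counts as needing attention.
    return {"version_status": status, "shared_profiles": shared,
            "needs_action": status != "fixed" and bool(shared)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Disabled services are ignored, so in the sample only the "Default" profile is reported. Giving each service its own RADIUS profile removes the sharing condition, but the advisory's remediation remains the update to 9.2.87 or later.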

Added: Jun 29, 2025, 8:17 PM
Updated: Jun 29, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
Spread: 6.8
Impact: 0.6
Exploitability: 7.0
Remediation: 7.7
Relevance: 0.2
Threat: 0.0
Urgency: 2.9
Incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.