UniFi Connect Improper Access Control Vulnerability Allowing Unauthorized ADB Access
Vulnerability
A vulnerability exists in certain UniFi Connect devices that allows authenticated API users to improperly access and enable Android Debug Bridge (ADB), potentially leading to unsupported system modifications. This issue affects multiple device types, including the UniFi Connect EV Station Pro, Display, Display Cast, Display Cast Pro, and Display Cast Lite, each with specific version limitations.
Impact
Exploitation of this vulnerability could allow for unauthorized system changes on the affected devices, potentially leading to further security risks or system instability.
Remediation
Users can update to the following versions to address this vulnerability: UniFi Connect EV Station Pro to Version 1.5.27 or later, UniFi Connect Display to Version 1.13.6 or later, UniFi Connect Display Cast to Version 1.10.3 or later, UniFi Connect Display Cast Pro to Version 1.0.83 or later, and UniFi Connect Display Cast Lite to Version 1.1.3 or later.
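The remediation list above can be turned into a fleet check. The following is an added example, not code from the vendor or from this page: it compares a device inventory against the fixed versions listed above. The CSV inventory format, the device names and the sample firmware values are constructed assumptions; only the product names and fixed versions come from the advisory.

```python
import csv
import io

# Minimum fixed firmware per product, taken from the Remediation text above.
FIXED = {
    "UniFi Connect EV Station Pro": "1.5.27",
    "UniFi Connect Display": "1.13.6",
    "UniFi Connect Display Cast": "1.10.3",
    "UniFi Connect Display Cast Pro": "1.0.83",
    "UniFi Connect Display Cast Lite": "1.1.3",
}

def parse_version(text):
    """Turn '1.10.3' into (1, 10, 3) so 1.10.x sorts above 1.9.x."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, version):
    """Return 'fixed', 'vulnerable', 'unknown-model' or 'bad-version'.
    Short versions are zero-padded, so '1.5' compares as '1.5.0'."""
    fixed = FIXED.get(model.strip())
    if fixed is None:
        return "unknown-model"
    try:
        have, need = parse_version(version), parse_version(fixed)
    except ValueError:
        return "bad-version"  # needs manual review, never assumed fixed
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "fixed" if have >= need else "vulnerable"

def audit(inventory_csv):
    """Map each device name in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory (hypothetical names, versions and last model).
SAMPLE = """name,model,firmware
lobby-display,UniFi Connect Display,1.13.6
cast-01,UniFi Connect Display Cast,1.9.12
garage-ev,UniFi Connect EV Station Pro,1.5.3
cast-pro-02,UniFi Connect Display Cast Pro,1.0.83-beta
other-device,Some Other Model,2.0.0
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Comparing the versions as plain strings would report cast-01 (1.9.12) and garage-ev (1.5.3) as already fixed, which is why each segment is compared numerically.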
