| CVE ID | CVE-2025-23118 |
| CVSS SCORE | 7.5, AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
Ubiquiti Networks |
| AFFECTED PRODUCTS |
AI Bullet |
| VULNERABILITY DETAILS |
This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ubnt_avclient component. The issue results from the lack of proper validation of the certificate presented by a server. An attacker can leverage this vulnerability to bypass authentication on the system. |
| ADDITIONAL DETAILS |
Ubiquiti Networks has issued an update to correct this vulnerability. More details can be found at:
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f |
| DISCLOSURE TIMELINE |
|
| CREDIT | Bongeun Koo(@kiddo_pwn), Dohyun Kim(@d0now), Junyoung Choi(@insp3ct0r_x), Wonbeen Im(@D0b6y), Juhyeop Lee(@leeju_04), Juyeong Lee(@ju_cheda), GuckHyeon Jin(@nang__lam), Jongmin Kim(@slyfizz3) of STEALIEN Inc. |
