ID

VAR-201701-0218


CVE

CVE-2016-7792


TITLE

Ubiquiti Networks UniFi Vulnerable to database modification

Trust: 0.8

sources: JVNDB: JVNDB-2016-007044

DESCRIPTION

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. Ubiquiti UniFi AP AC Lite is prone to an access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ubiquiti Networks UniFi is a WiFi wireless network system from Ubiquiti Networks of the United States.

Trust: 1.98

sources: NVD: CVE-2016-7792 // JVNDB: JVNDB-2016-007044 // BID: 93270 // VULHUB: VHN-96612

AFFECTED PRODUCTS

vendor: ubiquiti, model: unifi ap ac lite, scope: eq, version: 5.2.7

Trust: 1.4

vendor: ubiquiti, model: unifi ap ac lite, scope: lte, version: 5.2.7

Trust: 1.0

vendor: ubiquiti, model: unifi ap ac lite, scope: -, version: -

Trust: 0.8

vendor: ubiquiti, model: networks unifi ap ac lite, scope: eq, version: 5.2.7

Trust: 0.3

sources: BID: 93270 // JVNDB: JVNDB-2016-007044 // CNNVD: CNNVD-201610-114 // NVD: CVE-2016-7792

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-7792
value: HIGH

Trust: 1.0

NVD: CVE-2016-7792
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-114
value: HIGH

Trust: 0.6

VULHUB: VHN-96612
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-7792
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96612
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-7792
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96612 // JVNDB: JVNDB-2016-007044 // CNNVD: CNNVD-201610-114 // NVD: CVE-2016-7792

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.9

sources: VULHUB: VHN-96612 // JVNDB: JVNDB-2016-007044 // NVD: CVE-2016-7792

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201610-114

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201610-114

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007044

PATCH

title: Top Page, url: https://www.ubnt.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-007044

EXTERNAL IDS

db: NVD, id: CVE-2016-7792

Trust: 2.8

db: PACKETSTORM, id: 138928

Trust: 2.5

db: BID, id: 93270

Trust: 1.4

db: JVNDB, id: JVNDB-2016-007044

Trust: 0.8

db: CNNVD, id: CNNVD-201610-114

Trust: 0.7

db: VULHUB, id: VHN-96612

Trust: 0.1

sources: VULHUB: VHN-96612 // BID: 93270 // JVNDB: JVNDB-2016-007044 // CNNVD: CNNVD-201610-114 // NVD: CVE-2016-7792

REFERENCES

url:https://packetstormsecurity.com/files/138928/ubiquiti-unifi-ap-ac-lite-5.2.7-improper-access-control.html

Trust: 2.5

url:http://www.securityfocus.com/bid/93270

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7792

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7792

Trust: 0.8

url:https://www.ubnt.com/

Trust: 0.3

sources: VULHUB: VHN-96612 // BID: 93270 // JVNDB: JVNDB-2016-007044 // CNNVD: CNNVD-201610-114 // NVD: CVE-2016-7792

CREDITS

Tim Schughart, Immanuel Bär, Khanh Quoc Pham of ProSec Networks.

Trust: 0.3

sources: BID: 93270

SOURCES

db: VULHUB, id: VHN-96612
db: BID, id: 93270
db: JVNDB, id: JVNDB-2016-007044
db: CNNVD, id: CNNVD-201610-114
db: NVD, id: CVE-2016-7792

LAST UPDATE DATE

2025-04-20T23:20:08.392000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96612, date: 2017-01-26T00:00:00
db: BID, id: 93270, date: 2016-10-10T00:01:00
db: JVNDB, id: JVNDB-2016-007044, date: 2017-02-08T00:00:00
db: CNNVD, id: CNNVD-201610-114, date: 2017-02-03T00:00:00
db: NVD, id: CVE-2016-7792, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96612, date: 2017-01-23T00:00:00
db: BID, id: 93270, date: 2016-09-30T00:00:00
db: JVNDB, id: JVNDB-2016-007044, date: 2017-02-08T00:00:00
db: CNNVD, id: CNNVD-201610-114, date: 2016-09-30T00:00:00
db: NVD, id: CVE-2016-7792, date: 2017-01-23T21:59:02.627