Home

Description

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.

PUBLISHED Reserved 2026-03-26 | Published 2026-03-27 | Updated 2026-05-25 | Assigner VulnCheck




CRITICAL: 9.0CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

HIGH: 8.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status
unaffected

Any version before 5.6.42
affected

5.6.43 (semver) before 5.10.12
affected

Default status
unaffected

Any version before 4.0.6
affected

Default status
unaffected

Any version before 3.8.17
affected

Default status
unaffected

Any version before 4.0.6
affected

Default status
unaffected

Any version before 4.4.34
affected

References

community.ui.com/...004/462e561b-9efd-4c23-bfa7-53d59cc64ecb vendor-advisory

www.vulncheck.com/...ecovery-and-unauthorized-device-control third-party-advisory

cve.org (CVE-2019-25651)

nvd.nist.gov (CVE-2019-25651)

Download JSON