(Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability
Vulnerability Details
This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ubnt_avclient component. The issue results from the lack of proper validation of the certificate presented by a server. An attacker can leverage this vulnerability to bypass authentication on the system.
Additional Details
Ubiquiti Networks has issued an update to correct this vulnerability. More details can be found at:
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
Disclosure Timeline
- 2024-11-15 - Vulnerability reported to vendor
- 2025-06-11 - Coordinated public release of advisory
- 2025-06-11 - Advisory Updated
Credit
Bongeun Koo(@kiddo_pwn), Dohyun Kim(@d0now), Junyoung Choi(@insp3ct0r_x), Wonbeen Im(@D0b6y), Juhyeop Lee(@leeju_04), Juyeong Lee(@ju_cheda), GuckHyeon Jin(@nang__lam), Jongmin Kim(@slyfizz3) of STEALIEN Inc.
