CVE-2021-22952

8.8 HIGH

📋 TL;DR

This vulnerability allows an attacker who has already compromised a network to take control of UniFi Talk devices that haven't been adopted yet. It affects UniFi Talk application versions 1.12.3 and earlier. The attacker needs existing network access to exploit this weakness.

💻 Affected Systems

Products:
  • Ubiquiti UniFi Talk
Versions: 1.12.3 and earlier
Operating Systems: All platforms running UniFi Talk
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects unadopted Talk devices on compromised networks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of UniFi Talk devices allowing eavesdropping on conversations, call interception, and device repurposing for further attacks.

🟠 Likely Case

Unauthorized control of VoIP devices leading to privacy violations and potential use as footholds for lateral movement.

🟢 If Mitigated

Limited impact if devices are properly adopted and network access is restricted, though residual risk remains from initial network compromise.

🌐 Internet-Facing: LOW - Exploitation requires existing network access, not directly internet-exposed.
🏢 Internal Only: HIGH - Once an attacker gains internal network access, they can exploit this vulnerability to control vulnerable Talk devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires existing network access but then provides straightforward device takeover of unadopted Talk devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.5 and later

Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-020-020/8ce6a7e6-0cce-4814-8bbe-ee812cb94b1a

Restart Required: Yes

Instructions:

1. Backup current configuration.
2. Update UniFi Talk application to version 1.12.5 or later.
3. Restart the application.
4. Verify all Talk devices are properly adopted.

🔧 Temporary Workarounds

Immediate device adoption (all)

Adopt all UniFi Talk devices immediately to prevent exploitation.
Method: Adopt devices through the UniFi Controller interface.

Network segmentation (all)

Isolate Talk devices on a separate VLAN from the general network.
Method: Configure VLAN segmentation in network settings.

🧯 If You Can't Patch

  • Adopt all Talk devices immediately through UniFi Controller
  • Segment Talk devices on isolated network/VLAN with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check UniFi Talk application version in controller interface - if version is 1.12.3 or earlier, you are vulnerable.

Check Version:

Check version in UniFi Controller web interface under Settings > Application

Verify Fix Applied:

Verify UniFi Talk application version is 1.12.5 or later and all Talk devices show as adopted in controller.
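As an added example (not part of this advisory page and not Ubiquiti tooling), a small Python triage helper that applies the page's two verification conditions: the version ranges (1.12.3 and earlier affected, 1.12.5 and later fixed) and the requirement that every Talk device show as adopted. It assumes the version string is copied from the controller UI and uses a constructed device inventory, since the page gives no API or log format for either; versions between the last affected and first fixed release are reported as unknown rather than assumed safe.

```python
"""Triage helper for CVE-2021-22952 (added example, not from the advisory).

Assumptions (not from the page): the version string is read from the
controller UI by hand, and the device list is a constructed list of dicts
with 'name' and 'adopted' keys; no UniFi API or log format is used.
"""
from __future__ import annotations

VULNERABLE_MAX = (1, 12, 3)   # "1.12.3 and earlier" is affected (advisory)
FIXED_MIN = (1, 12, 5)        # "1.12.5 and later" carries the fix (advisory)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.12.10' into (1, 12, 10) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify_version(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for a UniFi Talk version.

    Releases between 1.12.3 and 1.12.5 are not described by the advisory,
    so they are reported as 'unknown' instead of being treated as safe.
    """
    v = parse_version(text)
    if v <= VULNERABLE_MAX:
        return "vulnerable"
    if v >= FIXED_MIN:
        return "fixed"
    return "unknown"


def triage(version: str, devices: list[dict]) -> dict:
    """Combine the version check with the adoption check from the advisory."""
    unadopted = sorted(d["name"] for d in devices if not d.get("adopted", False))
    status = classify_version(version)
    # Unadopted devices are the exposed surface even on a patched controller,
    # so they are flagged regardless of the version result.
    return {"version_status": status,
            "unadopted_devices": unadopted,
            "action_required": status != "fixed" or bool(unadopted)}


if __name__ == "__main__":
    # Constructed sample inventory; names and flags are illustrative only.
    sample_devices = [{"name": "talk-lobby", "adopted": True},
                      {"name": "talk-conf-1", "adopted": False}]
    print(triage("1.12.3", sample_devices))
```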

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized device adoption attempts
  • Unexpected Talk device configuration changes
  • Network traffic from unadopted Talk devices

Network Indicators:

  • Unusual traffic patterns from Talk devices
  • Unauthorized control protocol communications

SIEM Query:

Search for: 'Talk device adoption' OR 'unauthorized device control' OR 'CVE-2021-22952' in UniFi logs
