CVE-2022-22570

10.0 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with network access to execute arbitrary code and take control of all connected UA devices. This affects organizations using UA Lite devices with firmware version 3.8.28.24 or earlier. The vulnerability enables complete device compromise.

💻 Affected Systems

Products:
  • UniFi Door Access Reader Lite (UA Lite)
Versions: 3.8.28.24 and earlier
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All UA Lite devices running vulnerable firmware are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full network compromise of all connected UA devices, enabling physical access control bypass, data exfiltration, and lateral movement to other network systems.

🟠 Likely Case

Attackers gaining administrative control over door access systems, potentially locking/unlocking doors, disabling security features, and using devices as footholds for further attacks.

🟢 If Mitigated

Limited impact if devices are isolated in separate VLANs with strict network segmentation and access controls preventing lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access but no authentication. Buffer overflow vulnerabilities are typically straightforward to exploit once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.31.13 and later

Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-024-024/22725557-0f72-4f5d-83b0-f16252fcd4b7

Restart Required: Yes

Instructions:

1. Log into UniFi Network Controller.
2. Navigate to Devices section.
3. Select affected UA Lite devices.
4. Click Update Firmware.
5. Ensure version is 3.8.31.13 or higher.
6. Reboot devices after update.

🔧 Temporary Workarounds

Network Segmentation


Isolate UA Lite devices in separate VLAN with strict firewall rules preventing access from untrusted networks.

Access Control Lists


Implement network ACLs to restrict which systems can communicate with UA Lite devices.

🧯 If You Can't Patch

  • Physically disconnect vulnerable devices from network until patching possible
  • Implement strict network monitoring and alerting for any communication attempts to UA Lite devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version in UniFi Network Controller under Devices > select UA Lite > check Firmware version.

Check Version:

No CLI command; check via the UniFi Network Controller web interface.

Verify Fix Applied:

Confirm firmware version shows 3.8.31.13 or higher in UniFi Network Controller.
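The version check above is done by eye in the controller UI; when you have more than a handful of readers it is worth scripting. The following is an added example, not code from the advisory or from Ubiquiti: it classifies firmware version strings against the affected (3.8.28.24 and earlier) and fixed (3.8.31.13 and later) boundaries, comparing components numerically rather than as text. The device inventory is constructed; in practice you would paste the versions read from the Devices page.

```python
# Added example (not from the advisory): classify UA Lite firmware versions
# against CVE-2022-22570's affected/fixed boundaries. The inventory is
# constructed; real versions come from the UniFi Network Controller UI.
from typing import List, Tuple

LAST_VULNERABLE = "3.8.28.24"   # affected: this version and earlier
FIRST_FIXED = "3.8.31.13"       # fixed: this version and later


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "3.8.28.24" into (3, 8, 28, 24) so components compare numerically.

    String comparison is wrong here: "3.8.9.5" > "3.8.31.13" as text,
    yet 3.8.9.5 is the older build.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version format: {version!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """VULNERABLE / fixed / unknown (builds the advisory does not mention)."""
    v = parse_version(version)
    if v <= parse_version(LAST_VULNERABLE):
        return "VULNERABLE"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "unknown: between 3.8.28.24 and 3.8.31.13, confirm with vendor"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (device, version, status) for every device in the inventory."""
    return [(name, ver, classify(ver)) for name, ver in inventory]


# Constructed inventory: (device name, firmware version) as read off the
# Devices page of the UniFi Network Controller.
INVENTORY = [
    ("ua-lite-lobby", "3.8.28.24"),        # last affected build
    ("ua-lite-server-room", "3.8.31.13"),  # first fixed build
    ("ua-lite-loading-dock", "3.8.9.5"),   # older; text compare would miss it
    ("ua-lite-annex", "3.8.40.2"),
]

if __name__ == "__main__":
    for name, ver, status in triage(INVENTORY):
        print(f"{name:22} {ver:11} {status}")
```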

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Firmware modification logs
  • Unexpected device reboots

Network Indicators:

  • Unusual traffic patterns to UA Lite devices
  • Port scanning from internal systems targeting UA Lite

SIEM Query:

source="unifi" AND (event_type="firmware_update" OR event_type="device_reboot") AND device_type="UA Lite"
