CVE-2025-27214
📋 TL;DR
A Missing Authentication for Critical Function vulnerability in UniFi Connect EV Station Pro allows attackers with physical or adjacent network access to perform unauthorized factory resets. This affects all UniFi Connect EV Station Pro devices running version 1.5.18 or earlier. The vulnerability enables complete device compromise without authentication.
💻 Affected Systems
- UniFi Connect EV Station Pro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains complete control of EV charging station, can disable charging functionality, manipulate billing data, or use device as network pivot point.
Likely Case
Malicious actor performs factory reset, disrupting charging services and requiring manual reconfiguration by administrators.
If Mitigated
With proper network segmentation and physical security, impact is limited to the isolated charging station, which then requires local reconfiguration.
🎯 Exploit Status
Exploitation requires physical access or adjacent network position. No authentication needed for factory reset function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.27 or later
Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-052-052/ac1251ee-5bb5-4cdf-8a71-68acd1775bb6
Restart Required: Yes
Instructions:
1. Log into UniFi Network Controller
2. Navigate to Devices section
3. Select affected EV Station Pro
4. Click 'Update' button
5. Wait for device to download and install version 1.5.27+
6. Device will automatically restart after update
🔧 Temporary Workarounds
Network Segmentation
Isolate EV charging stations on a separate VLAN with strict firewall rules
Physical Security Controls
Implement physical access controls to prevent unauthorized personnel from accessing charging stations
🧯 If You Can't Patch
- Implement strict physical access controls to charging stations
- Segment charging station network with firewall rules blocking all unnecessary traffic
🔍 How to Verify
Check if Vulnerable:
Check device version in UniFi Network Controller under Devices > EV Station Pro > Properties
Check Version:
Not applicable: the device version is only visible through the UniFi Network Controller GUI
Verify Fix Applied:
Confirm device shows version 1.5.27 or higher in UniFi Network Controller
📡 Detection & Monitoring
Log Indicators:
- Factory reset events in device logs
- Unexpected device reboots
- Configuration changes without administrator action
Network Indicators:
- Unexpected network traffic from charging station
- Device appearing as new/unconfigured on network
SIEM Query:
source="unifi-ev-station" AND (event="factory_reset" OR event="device_reboot")
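The two checks above (the version comparison from "How to Verify" and the factory-reset/reboot query from "Detection & Monitoring") can be combined into one triage script run against a version list copied from the controller GUI and an export of device logs. The following is an added example, not code from the original page, Ubiquiti, or the UniFi product: the inventory, the log lines, their "ts source device event actor=..." layout and the `admin_update` event name are constructed for illustration and are not a documented UniFi log format. The version boundaries are the ones stated on this page (1.5.18 or earlier affected, 1.5.27 or later fixed); versions in between are reported as unclassified because the advisory text here does not cover them.

```python
"""Triage helper for CVE-2025-27214 (UniFi Connect EV Station Pro).

Added example. The inventory and log lines below are constructed for
illustration; the log field layout is an assumption, not a UniFi format.
"""
import re
from datetime import datetime, timedelta

AFFECTED_MAX = (1, 5, 18)   # page: "version 1.5.18 or earlier" is affected
FIXED_MIN = (1, 5, 27)      # page: "1.5.27 or later" carries the fix


def parse_version(text):
    """Turn a version string as shown in the controller GUI into a tuple.

    Accepts forms like '1.5.27', 'v1.5.27' and '1.5.27+'; returns None
    when the string is not a dotted three-part version.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)\+?", text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify_version(text):
    """Map a version string to affected / fixed / unclassified / unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_MIN:
        return "fixed"
    # Between 1.5.18 and 1.5.27: not covered by the advisory text on the page.
    return "unclassified"


# Constructed sample data: device -> version as read from the controller GUI.
SAMPLE_INVENTORY = {
    "evsp-lobby": "1.5.27",
    "evsp-garage": "1.5.18",
    "evsp-roof": "1.5.20",
    "evsp-test": "dev-build",
}

# Constructed log lines: "<iso timestamp> <source> <device> <event> actor=<who>".
SAMPLE_LOGS = """\
2025-03-01T09:00:00 unifi-ev-station evsp-lobby admin_update actor=admin
2025-03-01T09:02:10 unifi-ev-station evsp-lobby device_reboot actor=system
2025-03-02T03:14:00 unifi-ev-station evsp-garage factory_reset actor=none
2025-03-02T03:15:30 unifi-ev-station evsp-garage device_reboot actor=system
2025-03-03T12:00:00 unifi-ev-station evsp-lobby config_change actor=admin
"""

LOG_RE = re.compile(r"(\S+) (\S+) (\S+) (\S+) actor=(\S+)")


def parse_logs(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, source, device, event, actor = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "device": device, "event": event, "actor": actor})
    return events


def suspicious_events(events, window=timedelta(minutes=30)):
    """Code form of the page's SIEM query, with one refinement.

    Select factory_reset or device_reboot events from source
    unifi-ev-station, but drop a reboot that follows an admin_update on the
    same device within `window`: the fix instructions say the device
    restarts automatically after an administrator-initiated update.
    """
    admin_updates = [e for e in events if e["event"] == "admin_update"]
    flagged = []
    for e in events:
        if e["source"] != "unifi-ev-station":
            continue
        if e["event"] not in ("factory_reset", "device_reboot"):
            continue
        explained = any(
            u["device"] == e["device"]
            and timedelta(0) <= e["ts"] - u["ts"] <= window
            for u in admin_updates
        )
        if not explained:
            flagged.append(e)
    return flagged


def triage(inventory, log_text):
    """Per device: exposure status plus any unexplained reset/reboot events."""
    flagged = suspicious_events(parse_logs(log_text))
    report = {}
    for device, version in inventory.items():
        report[device] = {
            "status": classify_version(version),
            "suspicious": [(e["ts"].isoformat(), e["event"])
                           for e in flagged if e["device"] == device],
        }
    return report


if __name__ == "__main__":
    for device, info in triage(SAMPLE_INVENTORY, SAMPLE_LOGS).items():
        print(device, info["status"], info["suspicious"])
```

In the constructed data the lobby station's reboot is preceded by an administrator update and is dropped, while the garage station (still on 1.5.18) shows a factory reset and reboot with no administrator action, which is exactly the "configuration change without administrator action" indicator listed above. The 30-minute correlation window is an assumption; tune it to how long an update and restart take in your deployment.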