PatchSiren cyber security CVE debrief
CVE-2016-7792 Ubiquiti Networks CVE debrief
CVE-2016-7792 is an improper access control issue in Ubiquiti Networks UniFi 5.2.7. According to NVD, the affected firmware does not sufficiently restrict database access, which can allow unauthorized parties to connect directly and modify the database. The record rates the issue HIGH and maps it to CWE-284.
- Vendor: Ubiquiti Networks
- Product: CVE-2016-7792
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-23
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams running Ubiquiti UniFi AP AC Lite firmware at or below 5.2.7 should prioritize this issue, especially where management interfaces or related services are reachable on internal or adjacent networks.
Technical summary
The NVD record identifies affected UniFi AP AC Lite firmware versions through 5.2.7 and describes a failure to restrict database access. That means the flaw is not a traditional code-execution bug, but an access-control weakness that can permit unauthorized database modification if an attacker can directly reach the database service. NVD assigns CVSS 3.0 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and CWE-284.
Defensive priority
High. The impact includes integrity compromise of the application database, and the NVD rating indicates potentially broad confidentiality, integrity, and availability impact once the service is reachable.
Recommended defensive actions
- Identify whether any UniFi installations are running firmware 5.2.7 or earlier on the affected AP AC Lite product line.
- Upgrade to a vendor-fixed firmware release if one is available for the affected deployment.
- Restrict network reachability to database and management services so they are not accessible from untrusted or broadly shared internal networks.
- Review access controls and segmentation around UniFi management infrastructure.
- Validate the integrity of the UniFi database and configuration after remediation.
Evidence notes
The description and NVD metadata state that Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database and that remote attackers can modify it by directly connecting. NVD marks the vulnerability as affecting UniFi AP AC Lite firmware versions through 5.2.7 and assigns CWE-284. Reference links in the CVE record include SecurityFocus BID 93270 and a Packet Storm advisory entry. The published date used here is the CVE publication timestamp of 2017-01-23; the 2026-05-13 timestamp is the later NVD modification date, not the original issue date.
Official resources
- CVE-2016-7792 CVE record (CVE.org)
- CVE-2016-7792 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Exploit, Third Party Advisory, VDB Entry)
CVE published on 2017-01-23; NVD record modified on 2026-05-13.