276
Two Wi-Fi flaws expose Android, Linux devices to attacks
(thehackernews.com)
This is a most excellent place for technology news and articles.
Help me clear my confusion on this.
According to Mitre CVE-2023-52160 only applies to "Enterprise" Networks, that is WiFi Networks using WPA2 / WPA3 with Radius. This CVE is the one that relies on wpa_supplicant.
Meanwhile CVE-2023-52161 works on "regular" networks, ones using WPA2 / WPA3 with PSK, and relies on a vulnerability in IWD.
So unless I'm missing something (which is very possible) 5160 doesn't apply to most people and SMBs because they are not using Radius. So unless YOU are using Radius on your UniFi gear this vulnerability doesn't apply.
The one that WOULD apply to most people is 5161 but your UniFi screenshot is showing wpa_supplicant and not IWD so according to mitre this one doesn't apply to you either.
What am I missing here?
I just verified personally that it was present on unifi devices, since their docs weren't clear. We are a mostly cisco/aruba shop where I work, but a lot of my colleagues at smaller businesses/universities use radius with unifi access points. I imagine they are vulnerable to this.
You are correct though in assessing that homelab users and very small enterprise users are probably safe.