Impact
An improper access control flaw exists in the UniFi Connect EV Station Lite firmware versions 1.5.2 and earlier. A malicious actor within Wi‑Fi range can activate the device’s Wi‑Fi AutoLink feature against a unit that was previously adopted via Ethernet. Because the AutoLink function is not properly restricted, the attacker could potentially invoke management or configuration operations that should be available only to devices adopted over a wired connection. This weakness is categorized as CWE‑284, reflecting a failure to enforce access control policies.
Affected Systems
The vendor is Ubiquiti Inc and the affected product is the UniFi Connect EV Station Lite. Firmware versions 1.5.2 and earlier are vulnerable. No additional version or build information is specified beyond the firmware release number. The affected model is identified by the community advisory available at the provided link.
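The affected-version range above can be turned into an inventory check. The following is an added example, not code from the vendor or the advisory; the CSV layout, column names, and device names are constructed assumptions and do not represent any UniFi export format.

```python
import csv
import io
import re

AFFECTED_MODEL = "UniFi Connect EV Station Lite"
LAST_AFFECTED = (1, 5, 2)  # per the advisory: firmware 1.5.2 and earlier

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """name,model,firmware
garage-1,UniFi Connect EV Station Lite,1.5.2
garage-2,UniFi Connect EV Station Lite,1.5.10
lot-a,UniFi Connect EV Station Lite,v1.4.9
lot-b,UniFi Connect EV Station Lite,unknown
lobby,Example Other Model,1.2.0
"""

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[.+-].*)?", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(inventory_csv):
    """Classify each EV Station Lite row as 'affected', 'ok' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() != AFFECTED_MODEL:
            continue  # other products are out of scope for this advisory
        version = parse_version(row["firmware"])
        if version is None:
            status = "review"    # unparseable firmware string: check by hand
        elif version <= LAST_AFFECTED:
            status = "affected"  # numeric compare, so 1.5.10 is newer than 1.5.2
        else:
            status = "ok"
        results[row["name"]] = status
    return results

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Versions are compared as integer tuples rather than strings, so a release such as 1.5.10 is not mistaken for one older than 1.5.2.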
Risk and Exploitability
The CVSS base score is 5.3, indicating moderate severity. The EPSS probability is reported as less than 1 percent, signifying a very low but non‑zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need local Wi‑Fi access to the device and must trigger the AutoLink feature from a device that was not adopted via Ethernet, implying that exploitation is limited to a local or compromised wireless environment.