Search Results (48 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47368 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-12 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
CVE-2026-47369 1 Ubiquiti 32 Efg, Envr, Envr-core and 29 more 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-47370 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
CVE-2026-48610 1 Ubiquiti 15 Efg, Express 7, Ucg-fiber and 12 more 2026-06-12 8.1 High
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
CVE-2026-34911 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-05-22 7.7 High
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
CVE-2026-21634 2 Ubiquiti, Ui 2 Protect Application, Unifi Protect 2026-04-18 6.5 Medium
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
CVE-2026-21633 2 Ubiquiti, Ui 2 Protect Application, Unifi Protect 2026-04-18 8.8 High
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
CVE-2026-21635 2 Ubiquiti, Ui 3 Ev Station Lite, Unifi Connect Ev Station Lite, Unifi Connect Ev Station Lite Firmware 2026-04-18 5.3 Medium
An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.
CVE-2026-21638 2 Ubiquiti, Ui 12 Ubb, Ubb-xg, Udb-pro and 9 more 2026-04-18 8.8 High
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.
CVE-2026-21639 2 Ubiquiti, Ui 12 Airfiber Af60, Airfiber Af60 Xg, Airmax Ac and 9 more 2026-04-18 5.4 Medium
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version 6.3.22 and earlier) airFiber AF60-XG (Version 1.2.2 and earlier) airFiber AF60 (Version 2.6.7 and earlier) Mitigation: Update your airMAX AC to Version 8.7.21 or later. Update your airMAX M to Version 6.3.24 or later. Update your airFiber AF60-XG to Version 1.2.3 or later. Update your airFiber AF60 to Version 2.6.8 or later.
CVE-2026-22566 1 Ubiquiti 2 Unifi Play Audio Port, Unifi Play Poweramp 2026-04-17 7.5 High
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
CVE-2026-22562 1 Ubiquiti 2 Unifi Play Audio Port, Unifi Play Poweramp 2026-04-17 9.8 Critical
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port  to Version 1.1.9 or later
CVE-2026-22563 1 Ubiquiti 2 Unifi Play Audio Port, Unifi Play Poweramp 2026-04-17 9.8 Critical
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
CVE-2026-22564 1 Ubiquiti 2 Unifi Play Audio Port, Unifi Play Poweramp 2026-04-17 9.8 Critical
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
CVE-2026-22565 1 Ubiquiti 2 Unifi Play Audio Port, Unifi Play Poweramp 2026-04-17 7.5 High
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
CVE-2024-44540 1 Ubiquiti 1 Airmax Firmware 2026-04-15 6.6 Medium
Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.
CVE-2025-24292 1 Ubiquiti 1 Unifi Network Application 2026-04-15 N/A
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
CVE-2024-22054 1 Ubiquiti 1 Unifi Uap Firmware 2026-04-15 7.5 High
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.
CVE-2025-27212 2 Ubiquiti, Ui 5 Unifi Access Points, Unifi Os, Intercom and 2 more 2026-04-15 9.8 Critical
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later
CVE-2024-42028 1 Ubiquiti 1 Unifi Network Application 2026-04-15 8.8 High
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.