Description
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.


Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)

UniFi Play Audio Port (Version 1.0.24 and earlier)


Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later

Update UniFi Play Audio Port to Version 1.1.9 or later
Published: 2026-04-13
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized disclosure of WiFi credentials
Action: Immediate Patch
AI Analysis

Impact

An improper access control flaw (CWE‑284) exists in Ubiquiti UniFi Play PowerAmp and Audio Port devices, allowing a malicious actor with local network access to retrieve the WiFi credentials stored on the device by bypassing authorization checks on configuration endpoints. The consequence is the exposure of sensitive authentication information that could enable unauthorized entry into the local network.

Affected Systems

The vulnerability affects Ubiquiti Inc.'s UniFi Play PowerAmp firmware versions 1.0.35 and earlier, and UniFi Play Audio Port firmware versions 1.0.24 and earlier. The impacted devices are audio amplification appliances used in residential or small‑business environments.

Risk and Exploitability

The CVSS score of 7.5 corresponds to High severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that it has not yet been widely exploited. Based on the description, it is inferred that the attack vector is a host on the same local network, as authentication is not required to retrieve the stored credentials. An attacker could simply send crafted requests to the affected device and obtain the WiFi credentials, potentially enabling further compromise of the local network.

Generated by OpenCVE AI on April 13, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update UniFi Play PowerAmp firmware to version 1.0.38 or later.
  • Update UniFi Play Audio Port firmware to version 1.1.9 or later.



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Improper Access Control in Ubiquiti UniFi Play Devices Enables Unauthorized Retrieval of WiFi Credentials

Tue, 14 Apr 2026 16:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Ubiquiti; Ubiquiti unifi Play Audio Port; Ubiquiti unifi Play Poweramp

Type: Vendors & Products
Values Removed: (none)
Values Added: Ubiquiti; Ubiquiti unifi Play Audio Port; Ubiquiti unifi Play Poweramp

Tue, 14 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 21:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier), UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; Update UniFi Play Audio Port to Version 1.1.9 or later.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-284

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-04-14T13:14:19.836Z

Reserved: 2026-01-07T15:39:03.441Z

Link: CVE-2026-22566

Vulnrichment

Updated: 2026-04-14T13:09:35.166Z

NVD

Status: Received

Published: 2026-04-13T22:16:28.437

Modified: 2026-04-13T22:16:28.437

Link: CVE-2026-22566

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:33:03Z

Weaknesses