Impact
The vulnerability is a Path Traversal flaw (CWE-22) that allows an attacker with network access to bypass authentication on affected UniFi OS devices. By supplying a crafted file path, the attacker can access the device’s management interface without valid credentials.
Affected Systems
Affected systems include Ubiquiti UniFi OS products such as Cloud Gateways, Cloud Keys, Dream Machines, Dream Routers, Dream Wall, Enterprise Firewall Core, Enterprise Fortress Gateway, Enterprise Video Recorders, Express 7, Network Attached Storage, Network Video Recorders, and the UniFi OS Server. No specific version numbers are listed in the advisory.
Risk and Exploitability
The CVSS base score of 8.6 indicates a high-severity exposure. The EPSS score is < 1%, and the vulnerability is not listed in the CISA KEV catalog. The flaw requires network access to the UniFi OS device; an attacker able to reach the device on the network can exploit the path traversal to bypass authentication and potentially gain unauthorized control over the device configuration and network traffic. Prompt remediation is advised due to the high impact indicated by the CVSS score.