Unifi
by Ubiquiti Inc
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34910 | Cri | 0.77 | 10.0 | 0.79 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |
| CVE-2026-34909 | Cri | 0.77 | 10.0 | 0.02 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account. | |
| CVE-2026-34908 | Cri | 0.77 | 10.0 | 0.02 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | |
| CVE-2026-47369 | Cri | 0.64 | 9.9 | 0.00 | Jun 12, 2026 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||
| CVE-2016-7792 | Hig | 0.57 | 8.8 | 0.03 | Jan 23, 2017 | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | ||
| CVE-2026-48610 | Hig | 0.53 | 8.1 | 0.00 | Jun 12, 2026 | Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. | ||
| CVE-2026-34911 | Hig | 0.50 | 7.7 | 0.01 | May 22, 2026 | A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information. | ||
| CVE-2024-22054 | Hig | 0.49 | 7.5 | 0.01 | Feb 20, 2024 | A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode… | ||
| CVE-2025-23091 | Med | 0.38 | 5.9 | 0.00 | Feb 1, 2025 | An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update. | ||
| CVE-2023-38034 | 0.00 | — | 0.01 | Aug 10, 2023 | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches… | |||
| CVE-2023-28365 | 0.00 | — | 0.01 | Jun 30, 2023 | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | |||
| CVE-2023-31997 | 0.00 | — | 0.00 | Jun 30, 2023 | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the… | |||
| CVE-2023-28361 | 0.00 | — | 0.00 | May 11, 2023 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR… | |||
| CVE-2018-5264 | 0.00 | — | 0.01 | Jun 7, 2019 | Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree… |
- risk 0.77cvss 10.0epss 0.79
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
- risk 0.77cvss 10.0epss 0.02
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
- risk 0.77cvss 10.0epss 0.02
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
- risk 0.64cvss 9.9epss 0.00
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
- risk 0.57cvss 8.8epss 0.03
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.
- risk 0.53cvss 8.1epss 0.00
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
- risk 0.50cvss 7.7epss 0.01
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode…
- risk 0.38cvss 5.9epss 0.00
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
- CVE-2023-38034Aug 10, 2023risk 0.00cvss —epss 0.01
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches…
- CVE-2023-28365Jun 30, 2023risk 0.00cvss —epss 0.01
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
- CVE-2023-31997Jun 30, 2023risk 0.00cvss —epss 0.00
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the…
- CVE-2023-28361May 11, 2023risk 0.00cvss —epss 0.00
A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR…
- CVE-2018-5264Jun 7, 2019risk 0.00cvss —epss 0.01
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree…