VYPR

Unifi

by Ubiquiti Inc

CVEs (14)

  • CVE-2026-34910 | Cri | KEV | May 22, 2026
    risk 0.77 | cvss 10.0 | epss 0.79

    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

  • CVE-2026-34909 | Cri | KEV | May 22, 2026
    risk 0.77 | cvss 10.0 | epss 0.02

    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

  • CVE-2026-34908 | Cri | KEV | May 22, 2026
    risk 0.77 | cvss 10.0 | epss 0.02

    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

  • CVE-2026-47369 | Cri | Jun 12, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

  • CVE-2016-7792 | Hig | Jan 23, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.

  • CVE-2026-48610 | Hig | Jun 12, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

  • CVE-2026-34911 | Hig | May 22, 2026
    risk 0.50 | cvss 7.7 | epss 0.01

    A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

  • CVE-2024-22054 | Hig | Feb 20, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points, UniFi Switches, UniFi LTE Backup, UniFi Express (Only Mesh Mode, Router mode…

  • CVE-2025-23091 | Med | Feb 1, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

  • CVE-2023-38034 | Aug 10, 2023
    risk 0.00 | cvss | epss 0.01

    A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier), All UniFi Switches…

  • CVE-2023-28365 | Jun 30, 2023
    risk 0.00 | cvss | epss 0.01

    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

  • CVE-2023-31997 | Jun 30, 2023
    risk 0.00 | cvss | epss 0.00

    UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the…

  • CVE-2023-28361 | May 11, 2023
    risk 0.00 | cvss | epss 0.00

    A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage. Affected Products: Cloud Key Gen2, Cloud Key Gen2 Plus, UNVR, UNVR…

  • CVE-2018-5264 | Jun 7, 2019
    risk 0.00 | cvss | epss 0.01

    Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree…