VYPR

Vendor CVEs

Ubiquiti Inc

All CVEs

120 total · sorted by risk
  • CVE-2010-5330 · Critical · KEV · Jun 11, 2019
    risk 0.78 · CVSS 9.8 · EPSS 0.34

    On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products,…

  • CVE-2026-34910 · Critical · KEV · May 22, 2026
    risk 0.77 · CVSS 10.0 · EPSS 0.79

    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

  • CVE-2026-34909 · Critical · KEV · May 22, 2026
    risk 0.77 · CVSS 10.0 · EPSS 0.02

    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

  • CVE-2026-34908 · Critical · KEV · May 22, 2026
    risk 0.77 · CVSS 10.0 · EPSS 0.02

    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

  • CVE-2015-9266 · Critical · Sep 5, 2018
    risk 0.73 · CVSS 9.8 · EPSS 0.74

    The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root…

  • CVE-2026-22557 · Critical · Mar 19, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.16

    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

  • CVE-2025-23123 · Critical · May 19, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.

  • CVE-2026-47369 · Critical · Jun 12, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

  • CVE-2026-47367 · Critical · Jun 12, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.

  • CVE-2026-22563 · Critical · Apr 13, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier), UniFi Play Audio Port (Version 1.0.24 and earlier), …

  • CVE-2026-22562 · Critical · Apr 13, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and…

  • CVE-2020-37052 · Critical · Jan 30, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially…

  • CVE-2025-27214 · Critical · Aug 21, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and…

  • CVE-2025-24285 · Critical · Aug 21, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite (Version 1.5.1 and earlier) …

  • CVE-2025-27212 · Critical · Aug 4, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro…

  • CVE-2025-24290 · Critical · Jun 29, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

  • CVE-2024-54750 · Critical · Dec 6, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.

  • CVE-2023-38034 · Critical · Aug 10, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches…

  • CVE-2023-35085 · Critical · Aug 10, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All…

  • CVE-2023-24104 · Critical · Feb 23, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.

  • CVE-2021-44530 · Critical · Jan 14, 2022
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J, CVE-2021-44228) allows a malicious actor to control the application.

  • CVE-2020-8234 · Critical · Aug 21, 2020
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell via command injection.

  • CVE-2020-8171 · Critical · May 26, 2020
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    We have recently released a new version of AirMax AirOS firmware, v6.3.0 for TI, XW and XM boards, that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior for TI, XW and XM boards, according to the description below: There are certain end-points containing functionalities that…

  • CVE-2025-23116 · Critical · Mar 1, 2025
    risk 0.62 · CVSS 9.6 · EPSS 0.01

    An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.

  • CVE-2021-22943 · Critical · Aug 31, 2021
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0…

  • CVE-2025-27217 · Critical · Aug 21, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.

  • CVE-2025-23115 · Critical · Mar 1, 2025
    risk 0.59 · CVSS 9.0 · EPSS 0.01

    A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.

  • CVE-2023-31997 · Critical · Jul 1, 2023
    risk 0.59 · CVSS 9.0 · EPSS 0.00

    UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the…

  • CVE-2023-28365 · Critical · Jul 1, 2023
    risk 0.59 · CVSS 9.1 · EPSS 0.01

    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

  • CVE-2020-8233 · High · Aug 17, 2020
    risk 0.58 · CVSS 8.8 · EPSS 0.04

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

  • CVE-2026-22559 · High · Mar 24, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) …

  • CVE-2025-27216 · High · Aug 21, 2025
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.

  • CVE-2024-42028 · High · Oct 28, 2024
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.

  • CVE-2023-23912 · High · Feb 9, 2023
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface…

  • CVE-2022-43553 · High · Dec 5, 2022
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.

  • CVE-2021-22957 · High · Nov 24, 2021
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user's account. This vulnerability is fixed in…

  • CVE-2021-22952 · High · Sep 23, 2021
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk…

  • CVE-2020-8282 · High · Dec 14, 2020
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.

  • CVE-2020-8188 · High · Jul 2, 2020
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    We have recently released a new version of UniFi Protect firmware, v1.13.3 and v1.14.10 for UniFi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively, that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior, according to the description…

  • CVE-2020-8168 · High · May 26, 2020
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    We have recently released a new version of AirMax AirOS firmware, v6.3.0 for TI, XW and XM boards, that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior for TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against…

  • CVE-2019-5425 · High · Apr 10, 2019
    risk 0.57 · CVSS 8.8 · EPSS 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root.

  • CVE-2017-0935 · High · Mar 22, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could…

  • CVE-2017-0934 · High · Mar 22, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate…

  • CVE-2017-0932 · High · Mar 22, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices…

  • CVE-2016-7792 · High · Jan 23, 2017
    risk 0.57 · CVSS 8.8 · EPSS 0.03

    Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.

  • CVE-2019-25651 · High · Mar 27, 2026
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains…

  • CVE-2016-6914 · High · Dec 27, 2017
    risk 0.54 · CVSS 7.8 · EPSS 0.01

    Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

  • CVE-2026-48610 · High · Jun 12, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

  • CVE-2025-27215 · High · Aug 21, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display…

  • CVE-2017-0933 · High · Mar 22, 2018
    risk 0.52 · CVSS 8.0 · EPSS 0.01

    Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin…

Page 1 of 3