A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
| Vendor | Product | Versions |
|---|---|---|
| ui | unifi_os_server | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| ubiquiti | unifi | cert_advisory | 90% |
| ui | unifi_dream_router_7_firmware | cve_cpe | 95% |
| ui | enterprise_network_video_recorder_core_firmware | cve_cpe | 95% |
| ui | unas_pro_4_firmware | cve_cpe | 95% |
| ui | unifi_dream_router | cve_cpe | 95% |
Updated description with technical details about the vulnerability and added new tags.
Updated affected versions with specific UniFi OS devices and marked the vulnerability as actively exploited.
Initial creation
