4 advisories tracked · Ubiquiti Security Advisory Bulletins + NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Ubiquiti's recent advisories.
Ubiquiti Security Advisory Bulletins + NVD
Ubiquiti publishes Security Advisory Bulletins on its community site (community.ui.com), but there is no machine-readable feed and its CVEs are coordinated through HackerOne rather than a single Ubiquiti CNA — so VulniPulse ingests them from NVD (keyword-filtered to Ubiquiti) and links each CVE back to its community.ui.com bulletin when referenced. Covers UniFi Network / UniFi OS, the Dream Machine line (UDM/UDR/UCG), UniFi Protect, Access, Talk and Connect, plus EdgeRouter, EdgeSwitch, UISP and AmpliFi — an enormous internet-facing prosumer + SMB fleet that repeatedly ships max-severity (CVSS 10.0) flaws.
Visit Ubiquiti security advisoriesUbiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.