7.7
CVE-2026-34911
- EPSS 0.68%
- Veröffentlicht 22.05.2026 00:43:49
- Zuletzt bearbeitet 24.06.2026 15:15:58
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Unifi Os Server Version < 5.0.8
Ui ≫ Unifi Cloud Gateway Industrial Firmware Version < 5.1.12
Ui ≫ Unifi Dream Machine Firmware Version < 5.1.12
Ui ≫ Unifi Dream Machine Pro Firmware Version < 5.1.12
Ui ≫ Unifi Dream Machine Special Edition Firmware Version < 5.1.12
Ui ≫ Unifi Dream Machine Pro Max Firmware Version < 5.1.12
Ui ≫ Enterprise Fortress Gateway Firmware Version < 5.1.12
Ui ≫ Unifi Dream Wall Firmware Version < 5.1.12
Ui ≫ Unifi Dream Router Firmware Version < 5.1.12
Ui ≫ Unifi Dream Router 7 Firmware Version < 5.1.12
Ui ≫ Unifi Express 7 Firmware Version < 5.1.12
Ui ≫ Unifi Network Video Recorder Firmware Version < 5.1.12
Ui ≫ Unifi Network Video Recorder Pro Firmware Version < 5.1.12
Ui ≫ Unifi Network Video Recorder Instant Firmware Version < 5.1.12
Ui ≫ Enterprise Network Video Recorder Firmware Version < 5.1.12
Ui ≫ Unifi Cloud Gateway Ultra Firmware Version < 5.1.12
Ui ≫ Unifi Cloud Gateway Max Firmware Version < 5.1.12
Ui ≫ Unifi Cloud Gateway Fiber Firmware Version < 5.1.12
Ui ≫ Unifi Dream Router 5g Max Firmware Version < 5.1.12
Ui ≫ Enterprise Network Video Recorder Core Firmware Version < 5.1.12
Ui ≫ Unifi Cloud Key Plus Firmware Version < 5.1.12
Ui ≫ Unifi Cloudkey Firmware Version < 5.1.12
Ui ≫ Unifi Cloudkey Enterprise Firmware Version < 5.1.12
Ui ≫ Unifi Network Video Recorder G2 Firmware Version < 5.1.12
Ui ≫ Unifi Network Video Recorder G2 Pro Firmware Version < 5.1.12
Ui ≫ Unifi Dream Machine Beast Firmware Version < 5.1.11
Ui ≫ Unas 2 Firmware Version < 5.1.10
Ui ≫ Unas 4 Firmware Version < 5.1.10
Ui ≫ Unas Pro Firmware Version < 5.1.10
Ui ≫ Unas Pro 4 Firmware Version < 5.1.10
Ui ≫ Unas Pro 8 Firmware Version < 5.1.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.477 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| support@hackerone.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b