7.7

CVE-2026-34911

Medienbericht
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UiUnifi Os Server Version < 5.0.8
UiUnifi Dream Machine Firmware Version < 5.1.12
   UiUnifi Dream Machine Version-
UiUnifi Dream Machine Pro Firmware Version < 5.1.12
   UiUnifi Dream Machine Pro Version-
UiUnifi Dream Wall Firmware Version < 5.1.12
   UiUnifi Dream Wall Version-
UiUnifi Dream Router Firmware Version < 5.1.12
   UiUnifi Dream Router Version-
UiUnifi Dream Router 7 Firmware Version < 5.1.12
   UiUnifi Dream Router 7 Version-
UiUnifi Express 7 Firmware Version < 5.1.12
   UiUnifi Express 7 Version-
UiUnifi Cloud Gateway Ultra Firmware Version < 5.1.12
   UiUnifi Cloud Gateway Ultra Version-
UiUnifi Cloud Gateway Max Firmware Version < 5.1.12
   UiUnifi Cloud Gateway Max Version-
UiUnifi Cloud Gateway Fiber Firmware Version < 5.1.12
   UiUnifi Cloud Gateway Fiber Version-
UiUnifi Dream Router 5g Max Firmware Version < 5.1.12
   UiUnifi Dream Router 5g Max Version-
UiUnifi Cloud Key Plus Firmware Version < 5.1.12
   UiUnifi Cloud Key Plus Version-
UiUnifi Cloudkey Firmware Version < 5.1.12
   UiUnifi Cloudkey Version-
UiUnifi Cloudkey Enterprise Firmware Version < 5.1.12
   UiUnifi Cloudkey Enterprise Version-
UiUnifi Dream Machine Beast Firmware Version < 5.1.11
   UiUnifi Dream Machine Beast Version-
UiUnas 2 Firmware Version < 5.1.10
   UiUnas 2 Version-
UiUnas 4 Firmware Version < 5.1.10
   UiUnas 4 Version-
UiUnas Pro Firmware Version < 5.1.10
   UiUnas Pro Version-
UiUnas Pro 4 Firmware Version < 5.1.10
   UiUnas Pro 4 Version-
UiUnas Pro 8 Firmware Version < 5.1.10
   UiUnas Pro 8 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.68% 0.477
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
support@hackerone.com 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:45
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:44
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:43
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
Patch
Vendor Advisory