9.9
CVE-2026-54402
- EPSS 0.87%
- Veröffentlicht 02.07.2026 14:49:17
- Zuletzt bearbeitet 10.07.2026 02:49:32
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Unifi Os Server Version <= 5.1.15
Ui ≫ Unifi Dream Machine Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Special Edition Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Pro Max Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Beast Firmware Version <= 5.1.15
Ui ≫ Enterprise Fortress Gateway Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Wall Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router 7 Firmware Version <= 5.1.15
Ui ≫ Unifi Express 7 Firmware Version <= 5.1.15
Ui ≫ Unifi Cloudkey Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Key Plus Firmware Version <= 5.1.15
Ui ≫ Unifi Cloudkey Enterprise Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Instant Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Core Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Ultra Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Max Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Industrial Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Fiber Firmware Version <= 5.1.15
Ui ≫ Unas 2 Firmware Version <= 5.1.16
Ui ≫ Unas 4 Firmware Version <= 5.1.16
Ui ≫ Unas Pro Firmware Version <= 5.1.16
Ui ≫ Unas Pro 4 Firmware Version <= 5.1.16
Ui ≫ Unas Pro 8 Firmware Version <= 5.1.16
Ui ≫ Enterprise Firewall Core Firmware Version <= 5.1.18
Ui ≫ Unifi Dream Router 5g Max Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Firmware Version <= 5.1.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.546 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| support@hackerone.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc