9.9

CVE-2026-54402

Medienbericht
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UiUnifi Os Server Version <= 5.1.15
UiUnifi Dream Machine Firmware Version <= 5.1.15
   UiUnifi Dream Machine Version-
UiUnifi Dream Machine Pro Firmware Version <= 5.1.15
   UiUnifi Dream Machine Pro Version-
UiUnifi Dream Machine Pro Max Firmware Version <= 5.1.15
   UiUnifi Dream Machine Pro Max Version-
UiUnifi Dream Machine Beast Firmware Version <= 5.1.15
   UiUnifi Dream Machine Beast Version-
UiEnterprise Fortress Gateway Firmware Version <= 5.1.15
   UiEnterprise Fortress Gateway Version-
UiUnifi Dream Router Firmware Version <= 5.1.15
   UiUnifi Dream Router Version-
UiUnifi Dream Wall Firmware Version <= 5.1.15
   UiUnifi Dream Wall Version-
UiUnifi Dream Router 7 Firmware Version <= 5.1.15
   UiUnifi Dream Router 7 Version-
UiUnifi Express 7 Firmware Version <= 5.1.15
   UiUnifi Express 7 Version-
UiUnifi Cloudkey Firmware Version <= 5.1.15
   UiUnifi Cloudkey Version-
UiUnifi Cloud Key Plus Firmware Version <= 5.1.15
   UiUnifi Cloud Key Plus Version-
UiUnifi Cloudkey Enterprise Firmware Version <= 5.1.15
   UiUnifi Cloudkey Enterprise Version-
UiUnifi Cloud Gateway Ultra Firmware Version <= 5.1.15
   UiUnifi Cloud Gateway Ultra Version-
UiUnifi Cloud Gateway Max Firmware Version <= 5.1.15
   UiUnifi Cloud Gateway Max Version-
UiUnifi Cloud Gateway Fiber Firmware Version <= 5.1.15
   UiUnifi Cloud Gateway Fiber Version-
UiUnas 2 Firmware Version <= 5.1.16
   UiUnas 2 Version-
UiUnas 4 Firmware Version <= 5.1.16
   UiUnas 4 Version-
UiUnas Pro Firmware Version <= 5.1.16
   UiUnas Pro Version-
UiUnas Pro 4 Firmware Version <= 5.1.16
   UiUnas Pro 4 Version-
UiUnas Pro 8 Firmware Version <= 5.1.16
   UiUnas Pro 8 Version-
UiEnterprise Firewall Core Firmware Version <= 5.1.18
   UiEnterprise Firewall Core Version-
UiUnifi Dream Router 5g Max Firmware Version <= 5.1.15
   UiUnifi Dream Router 5g Max Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.87% 0.546
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
support@hackerone.com 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.07.2026 17:04
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.07.2026 10:19
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
Vendor Advisory