8.8

CVE-2026-55112

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UiUnifi Dream Machine Pro Firmware Version <= 5.1.15
   UiUnifi Dream Machine Pro Version-
UiUnifi Dream Machine Pro Max Firmware Version <= 5.1.15
   UiUnifi Dream Machine Pro Max Version-
UiUnifi Dream Machine Beast Firmware Version <= 5.1.15
   UiUnifi Dream Machine Beast Version-
UiUnifi Dream Router Firmware Version <= 5.1.15
   UiUnifi Dream Router Version-
UiUnifi Dream Wall Firmware Version <= 5.1.15
   UiUnifi Dream Wall Version-
UiUnifi Dream Router 7 Firmware Version <= 5.1.15
   UiUnifi Dream Router 7 Version-
UiUnifi Cloudkey Firmware Version <= 5.1.15
   UiUnifi Cloudkey Version-
UiUnifi Cloud Gateway Max Firmware Version <= 5.1.15
   UiUnifi Cloud Gateway Max Version-
UiUnifi Cloud Gateway Fiber Firmware Version <= 5.1.15
   UiUnifi Cloud Gateway Fiber Version-
UiUnifi Dream Router 5g Max Firmware Version <= 5.1.15
   UiUnifi Dream Router 5g Max Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.098
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
support@hackerone.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
Vendor Advisory