8.8
CVE-2026-55112
- EPSS 0.2%
- Veröffentlicht 02.07.2026 14:50:48
- Zuletzt bearbeitet 10.07.2026 02:46:09
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Unifi Dream Machine Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Special Edition Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Pro Max Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Beast Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Wall Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router 7 Firmware Version <= 5.1.15
Ui ≫ Unifi Cloudkey Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Instant Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Core Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Max Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Industrial Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Fiber Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router 5g Max Firmware Version <= 5.1.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.098 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| support@hackerone.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc