Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
10DescriptionCVE.org
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later
AnalysisAI
Denial of service in Ubiquiti UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) allows unauthenticated remote attackers to crash devices via improper input validation. CVSS 7.5 (High) with network-based attack requiring no privileges or user interaction. EPSS score of 0.01% (1st percentile) indicates minimal real-world exploitation likelihood. No public exploit identified at time of analysis. Vendor-released patches available: PowerAmp 1.0.38+ and Audio Port 1.1.9+.
Technical ContextAI
This vulnerability affects Ubiquiti's UniFi Play audio networking equipment, specifically the PowerAmp and Audio Port products which provide networked audio distribution capabilities. The root cause is CWE-20 (Improper Input Validation), where the devices fail to properly sanitize or validate network input before processing. This input validation weakness allows malformed or crafted packets to trigger an unhandled exception or resource exhaustion condition, causing the device firmware to enter an unresponsive state. The affected CPE strings (cpe:2.3:a:ubiquiti_inc:unifi_play_poweramp and cpe:2.3:a:ubiquiti_inc:unifi_play_audio_port) confirm these are application-layer vulnerabilities in the device management interfaces rather than hardware flaws. The network attack vector (AV:N) suggests the vulnerability exists in a remotely-accessible service, likely the device's web management interface or API endpoint used for configuration and control of the audio networking features.
RemediationAI
Update UniFi Play PowerAmp to firmware version 1.0.38 or later, and update UniFi Play Audio Port to firmware version 1.1.9 or later. Firmware updates should be obtained through the official Ubiquiti UniFi management console or downloaded directly from Ubiquiti's support portal. Consult the vendor's Security Advisory Bulletin 063 at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83 for detailed upgrade instructions and release notes. As an interim workaround until patching is completed, network segmentation can reduce exposure by restricting access to these devices to trusted management networks only, blocking external or untrusted network access to the device management interfaces via firewall rules or VLAN isolation. No alternative workarounds are documented by the vendor, making firmware updates the definitive remediation.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attac
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22094
GHSA-hj6r-ww52-66xr