Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Network-reachable and unauthenticated (AV:N/PR:N) but gated by specific conditions and a user action (AC:H/UI:R); camera access gives high C/I, with availability only limited (A:L).
Primary rating from Vendor (hackerone).
CVSS Vector (Vendor: hackerone)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.
Analysis (AI)
Authentication bypass in Ubiquiti's UniFi Protect Application lets a network-adjacent attacker gain unauthorized access to managed UniFi Protect Cameras by abusing an improper initialization flaw (CWE-665). The issue is remotely reachable but constrained - successful exploitation requires specific conditions and some user interaction - and no public exploit code has been identified at time of analysis. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires network access to the UniFi Protect Application (AV:N, described as 'access to the network') and does not require pre-existing credentials (PR:N) - the flaw itself bypasses authentication. … |
| Risk Assessment | The signals point to a real-but-non-emergency risk rather than mass exploitation. … |
| Exploit Scenario | An attacker who can reach the UniFi Protect application on the network waits for or induces the specific conditions and user interaction the flaw requires, then leverages the improperly initialized authentication state to slip past login and reach the managed cameras. Once past authentication they can view live and recorded feeds and alter camera or Protect configuration. … |
| Remediation | Patch available per vendor advisory: apply the UniFi Protect Application update referenced in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); the input data does not specify an exact fixed version, so confirm the target build from that bulletin before deploying. … |
Recommended Action (AI)
Within 24 hours: Identify all Ubiquiti UniFi Protect deployments and document versions in use; restrict network access to management interfaces to trusted networks only; implement network-level filtering if possible. …
EUVD-2026-41382
GHSA-5wch-8p23-hj3x