EUVD-2026-31383
GHSA-p8c5-xwrc-584f
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
AnalysisAI
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configuration without authentication, affecting a broad range of UniFi gateways, dream machines, NVRs, NAS units, and cloud keys. The maximum CVSS 10.0 score reflects network-reachable, unauthenticated exploitation with scope change and full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the authentication bypass nature elevates urgency for any UniFi management plane exposed beyond trusted segments.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all UniFi OS devices and determine network exposure (which are internet-facing or accessible from untrusted segments). Within 7 days: Implement network segmentation to restrict UniFi management plane access to trusted administrative networks only; disable remote management if possible; require VPN for any off-site access. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary ope
Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file
Share
External POC / Exploit Code
Leaving vuln.today