UniFi Protect Application
Privilege escalation in Ubiquiti's UniFi Protect Application is possible through an authenticated SQL injection (CWE-89) reachable by a low-privileged user with network access (AV:N/AC:L/PR:L), letting that attacker escalate privileges on the underlying host device with full confidentiality, integrity, and availability impact. The flaw was reported through HackerOne and disclosed in Ubiquiti Security Advisory Bulletin 066; no public exploit was identified at time of analysis and it is not listed in CISA KEV. With a CVSS base score of 8.8 it is a high-priority patch for any exposed NVR/Protect deployment, and because exploitation only needs a low-privileged account, every user with Protect access counts as part of the attack surface.
Privilege escalation via Server-Side Request Forgery in Ubiquiti's UniFi Protect Application allows a low-privileged attacker with network access to coerce the application into making attacker-controlled requests and escalate to control of the host device. The CVSS 9.9 rating is driven by a scope change (S:C) plus full confidentiality, integrity, and availability impact, meaning the SSRF crosses a security boundary from the application into the underlying host; a 9.9 score with low privileges and full C/I/A impact also implies a network attack vector (AV:N) with no user interaction, so the attacker does not need to be on the same network segment. No public exploit was identified at time of analysis, the flaw is not listed in CISA KEV, and EPSS data was not provided.
Authentication bypass in Ubiquiti's UniFi Protect Application lets an unauthenticated attacker with network access read data streams without valid credentials, stemming from improper access control (CWE-284). The CVSS 8.6 rating reflects high confidentiality impact with low integrity and availability effects, and per the vector no authentication or user interaction is required. No public exploit was identified at time of analysis and it is not listed in CISA KEV, though Ubiquiti has addressed it in Security Advisory Bulletin 066.
Authentication bypass in Ubiquiti's UniFi Protect Application lets a remote attacker gain unauthorized access to managed UniFi Protect Cameras by abusing an improper initialization flaw (CWE-665). The issue is remotely reachable but constrained: successful exploitation requires specific conditions and some user interaction, and no public exploit code was identified at time of analysis. Ubiquiti has published Security Advisory Bulletin 066 addressing the flaw.
Authentication bypass in Ubiquiti's UniFi Protect Application lets an unauthenticated attacker with network access reach certain API endpoints without valid credentials due to improper access control (CWE-284). Rated CVSS 8.6, the flaw combines low confidentiality and integrity impact with high availability impact, meaning an unauthenticated actor on the network could interact with protected surveillance-management functions and disrupt them. No public exploit was identified at time of analysis and it is not listed in CISA KEV, but the network vector with no privileges required (AV:N/PR:N) makes it a meaningful exposure for internet- or LAN-reachable deployments.