Unifi Protect Floodlight
Monthly
Arbitrary file disclosure in Ubiquiti UniFi Protect Floodlight devices lets a network-adjacent attacker read files on the device via path traversal, exposing potentially sensitive local data. The flaw (CWE-22) is remotely reachable without authentication per the CVSS vector (PR:N) and carries high confidentiality impact but no integrity or availability effect. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Ubiquiti has issued a fix via Security Advisory Bulletin 066.
Arbitrary file disclosure in Ubiquiti UniFi Protect Floodlight devices lets a network-adjacent attacker read files on the device via path traversal, exposing potentially sensitive local data. The flaw (CWE-22) is remotely reachable without authentication per the CVSS vector (PR:N) and carries high confidentiality impact but no integrity or availability effect. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Ubiquiti has issued a fix via Security Advisory Bulletin 066.