Description
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Ubiquiti Inc / EFG: 0 to 5.1.12
- Ubiquiti Inc / ENVR: 0 to 5.1.12
- Ubiquiti Inc / ENVR-Core: 0 to 5.1.12
- Ubiquiti Inc / Express 7: 0 to 5.1.12
- Ubiquiti Inc / UCG-Fiber: 0 to 5.1.12
- Ubiquiti Inc / UCG-Industrial: 0 to 5.1.12
- Ubiquiti Inc / UCG-Max: 0 to 5.1.12
- Ubiquiti Inc / UCG-Ultra: 0 to 5.1.12
- Ubiquiti Inc / UCK: 0 to 5.1.12
- Ubiquiti Inc / UCK-Enterprise: 0 to 5.1.12
- Ubiquiti Inc / UCKP: 0 to 5.1.12
- Ubiquiti Inc / UDM: 0 to 5.1.12
- Ubiquiti Inc / UDM-Beast: 0 to 5.1.11
- Ubiquiti Inc / UDM-Pro: 0 to 5.1.12
- Ubiquiti Inc / UDM-Pro-Max: 0 to 5.1.12
- Ubiquiti Inc / UDM-SE: 0 to 5.1.12
- Ubiquiti Inc / UDR: 0 to 5.1.12
- Ubiquiti Inc / UDR-5G: 0 to 5.1.12
- Ubiquiti Inc / UDR7: 0 to 5.1.12
- Ubiquiti Inc / UDW: 0 to 5.1.12
- Ubiquiti Inc / UNAS-2: 0 to 5.1.10
- Ubiquiti Inc / UNAS-4: 0 to 5.1.10
- Ubiquiti Inc / UNAS-Pro: 0 to 5.1.10
- Ubiquiti Inc / UNAS-Pro-4: 0 to 5.1.10
- Ubiquiti Inc / UNAS-Pro-8: 0 to 5.1.10
- Ubiquiti Inc / UniFi OS Server: 0 to 5.0.8
- Ubiquiti Inc / UNVR: 0 to 5.1.12
- Ubiquiti Inc / UNVR-G2: 0 to 5.1.12
- Ubiquiti Inc / UNVR-G2-Pro: 0 to 5.1.12
- Ubiquiti Inc / UNVR-Instant: 0 to 5.1.12
- Ubiquiti Inc / UNVR-Pro: 0 to 5.1.12
Exploits & PoCs
- nuclei: UniFi OS Server - Command Injection, by Kazgangap