Tag

Unifi

5 briefs RSS

UniFi Play Path Traversal Vulnerability (CVE-2026-22562)

A path traversal vulnerability in UniFi Play devices allows an attacker with network access to write arbitrary files, leading to remote code execution.

path-traversal rce unifi

2r 2t 1c 2w ago

medium advisory

UniFi Play Improper Access Control Vulnerability (CVE-2026-22566)

2 rules 1 TTP 1 CVE

An improper access control vulnerability in UniFi Play PowerAmp and Audio Port allows a malicious actor with access to the UniFi Play network to obtain WiFi credentials.

vulnerability access-control unifi

2r 1t 1c 3w ago

critical advisory

UniFi Play Command Injection Vulnerability (CVE-2026-22563)

2 rules 1 TTP 1 CVE 1 IOC

A malicious actor with access to the UniFi Play network can exploit improper input validation vulnerabilities (CVE-2026-22563) in UniFi Play PowerAmp and Audio Port to inject commands, potentially leading to arbitrary code execution.

command-injection unifi cve-2026-22563

2r 1t 1c 1i 3w ago

high advisory

UniFi Network Controller Improper Certificate Verification Vulnerability (CVE-2019-25652)

2 rules 2 TTPs

UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.

unifi mitm credential-theft cve-2019-25652

2r 2t Mar 27, 2026

critical advisory

UniFi Network Application Vulnerabilities CVE-2026-22557 and CVE-2026-22558

2 rules 2 TTPs

A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.

unifi path-traversal nosql-injection cve-2026-22557 cve-2026-22558

2r 2t Mar 21, 2026