A critical path traversal vulnerability in Ubiquiti UniFi OS permits unauthorized access to sensitive system files, risking full device compromise.

The vulnerability exists due to insufficient validation of user-supplied input, enabling path traversal. This allows an attacker with network access to traverse the file system and access restricted data, including account credentials.

With a CVSS score of 10.0, this vulnerability enables an attacker to exfiltrate system configuration files or sensitive credentials. This could lead to a total compromise of the device and potential lateral movement within the network, causing significant data loss or operational downtime.

Immediate Action: Update all UniFi OS devices to the latest vendor-supplied firmware version to resolve the path traversal issue.

Proactive Monitoring: Review system file access logs for patterns indicative of directory traversal attempts (e.g., "../" sequences).

Compensating Controls: Employ a Web Application Firewall (WAF) or equivalent network security appliance to inspect and block malicious requests containing path traversal sequences.

Public Exploit Available: No

Immediate patching is required to prevent unauthorized access to sensitive system files. Organizations should also audit current user account activity to ensure no credentials have been compromised through this vector.