An improper access control vulnerability in UniFi OS allows a malicious actor with network access to make unauthorized changes to the device.

The vulnerability is an improper access control flaw that can be exploited by an attacker with access to the local network. This permits the attacker to bypass access restrictions and modify device configurations without proper authorization.

A CVSS score of 8.1 indicates a high risk to organizational infrastructure. An attacker could potentially reconfigure network devices, intercept traffic, or cause a denial-of-service, leading to significant operational disruption and loss of management control over the network.

Immediate Action: Update all UniFi OS devices to the latest firmware version provided by Ubiquiti to remediate the access control flaw.

Proactive Monitoring: Review device audit logs for unauthorized configuration changes or unexpected administrative sessions.

Compensating Controls: Restrict management interface access to trusted, isolated management VLANs to prevent unauthorized actors from reaching the device interface.

Public Exploit Available: false

Administrators should prioritize firmware updates for all UniFi OS-based devices. Ensuring that management interfaces are not exposed to untrusted network segments is critical to mitigating the risk until all devices can be fully patched.