1 article
Ubiquiti published Security Bulletin 064 on 22 May disclosing five CVEs in UniFi OS devices, three of which score CVSS 10.0: an improper access control flaw, a path traversal enabling arbitrary file read and write, and a command injection that provides root shell access — all exploitable without authentication from the network. Enterprise environments using UniFi Wi-Fi infrastructure must update immediately.