Ubiquiti UniFi OS Flaw Under Active Exploitation CISA Alerts Users

 

Network infrastructure devices are under renewed scrutiny after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged several security vulnerabilities in Ubiquiti’s UniFi OS platform. Following evidence of active exploitation, CISA added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
The identified vulnerabilities include access control bypass, path traversal, and command injection flaws, which researchers warn can take attackers from unauthenticated access to complete system compromise. Because UniFi OS is widely deployed across enterprise, government, and service provider environments to manage networking equipment, the vulnerabilities present a significant threat to administrative control planes and sensitive operational information.
The latest CISA alert highlights the increased threat posed by Internet-exposed management interfaces, as researchers have demonstrated how these flaws may be chained together to achieve privileged remote code execution. In response, federal agencies and organizations are being urged to expedite remediation efforts before further exploitation activity occurs.
The KEV additions cover three distinct vulnerabilities affecting UniFi OS that, when combined, significantly increase the attack surface of exposed deployments. The first, an access control bypass weakness, lets unauthenticated actors alter system settings and administrative configurations without authorization.
CVE-2026-4909 is a path traversal condition capable of exposing underlying operating system files, potentially revealing credentials, configuration data, and other sensitive information that can be used to carry out further intrusions. CVE-2026-34910, an improper input validation flaw, can be exploited to execute arbitrary operating system commands on targeted devices.
Ubiquiti addressed all three vulnerabilities through security updates released in May, noting that exploitation does not require prior authorization or elevated privileges, which makes timely patch deployment critical for organizations using UniFi infrastructure.
Following their analysis, Bishop Fox security researchers demonstrated that these vulnerabilities are not isolated risks but can be chained together to permit remote code execution with elevated privileges on affected systems.
According to their findings, attackers were able to gain complete control over vulnerable UniFi OS instances after gaining initial unauthorized access, demonstrating how severe this vulnerability is in real-world environments.
Additionally, the researchers published a detection utility on GitHub to assist defenders in identifying and remediating vulnerable deployments across enterprise networks.

In conjunction with the CISA alert, active exploitation concerns have also been raised regarding CVE-2025-67038, a critical root-level command injection vulnerability in Lantronix EDS5000 servers running firmware version 2.1.0.0R3.

The flaw occurs in the device’s HTTP RPC component, where shell commands are invoked as part of the mechanism used to record failed authentication attempts.
During the process of handling user input, improper handling could lead to command injection, making it possible for atta

[…]
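The bug class described above, a failed-login record written by shelling out, sketched in Python as an added example. It is not Lantronix firmware code, which the article does not show; the function names, scratch log path and sample username are constructed, and a POSIX `sh` is assumed. It contrasts the shell-built command with a direct file write that also neutralises embedded newlines.

```python
import os
import subprocess
import tempfile

# Constructed scratch area standing in for the device's log location.
SCRATCH = tempfile.mkdtemp()
LOG = os.path.join(SCRATCH, "auth.log")


def log_failure_shell(username: str) -> None:
    """Anti-pattern: the untrusted username becomes part of a shell command line."""
    cmd = f'echo "login failed for {username}" >> "{LOG}"'
    subprocess.run(cmd, shell=True, check=False, stdout=subprocess.DEVNULL)


def log_failure_safe(username: str) -> None:
    """Hardened form: no shell at all, and the name is treated purely as data.

    unicode_escape turns newlines and other control characters into visible
    escapes, so a crafted name cannot forge extra log records either.
    """
    record = username.encode("unicode_escape").decode("ascii")[:64]
    with open(LOG, "a", encoding="utf-8") as fh:
        fh.write(f"login failed for {record}\n")


def demo() -> dict:
    """Feed the same constructed username to both loggers.

    The marker file only appears if the shell ran a second command that
    was smuggled in through the username field.
    """
    results = {}
    for name, logger in (("shell", log_failure_shell), ("safe", log_failure_safe)):
        marker = os.path.join(SCRATCH, f"marker_{name}")
        hostile = f'guest"; touch "{marker}"; echo "'  # constructed test input
        logger(hostile)
        results[name] = os.path.exists(marker)
    return results


if __name__ == "__main__":
    print(demo())
```

When reviewing firmware or appliance code for this pattern, the signal to look for is any authentication-path string reaching `system()`, `popen()` or a `shell=True` equivalent.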

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
