What Happened
Ubiquiti — a company that makes Wi-Fi equipment, network switches, and security cameras used by many organisations — has disclosed three maximum-severity security vulnerabilities in the software that manages all of their network equipment. These vulnerabilities allow an attacker with network access to the management software to take complete control of all Ubiquiti equipment without needing any username or password.
The management software, called UniFi OS, runs on the Dream Machine, Dream Router, or Cloud Gateway devices that serve as the central controller for Ubiquiti Wi-Fi networks. A single compromised controller gives an attacker control over every Wi-Fi access point, network switch, and network policy managed by that controller.
Ubiquiti has released a software update that fixes these vulnerabilities. This update must be applied immediately.
Business Impact
An attacker who exploits these vulnerabilities on your UniFi controller can:
- Access and monitor all Wi-Fi traffic: Configure the network to intercept wireless communications between company devices
- Create rogue Wi-Fi networks: Add unauthorised access points or SSIDs that redirect employees to attacker-controlled websites
- Access all network segments connected through UniFi switches and gateways — including any network segment accessible from the controller
- Move laterally across the network: Use network-level access to reach internal servers, databases, and other systems
The impact is equivalent to an attacker having physical access to your network infrastructure and administrative credentials to all network equipment.
Who Is Affected
Organisations using any of the following Ubiquiti hardware as a primary network controller:
- UniFi Dream Machine (UDM or UDM Pro)
- UniFi Dream Machine Special Edition (UDM SE)
- UniFi Dream Router (UDR)
- UniFi Cloud Gateway Ultra or Max
Wi-Fi access points, switches, and cameras managed by these controllers are not directly vulnerable but are under attacker control if the controller is compromised.
Board-Ready Summary
- Our Wi-Fi management system has three critical security flaws that allow attackers to take control of our network without a password.
- We are applying the security update immediately.
- The management system should not be accessible from the internet — we are verifying this.
Recommended Actions
- Update UniFi OS immediately (today): Log in to the UniFi controller (the Dream Machine or Cloud Gateway device) at its local IP address or through unifi.ui.com. Navigate to System → Updates and apply the latest UniFi OS version.
- Verify the management interface is not internet-accessible: Check that the controller’s management port (TCP 443) is not exposed to the internet through your router or firewall. If you use UniFi’s cloud management feature, verify that it requires authentication and has not been changed to allow unauthenticated access.
- Review recent network changes: Check the UniFi controller’s event log (System → System Log) for any network configuration changes not made by known administrators. Look for new Wi-Fi networks (SSIDs), new user accounts, or policy changes that were not authorised.
- Consider network isolation of the controller: The UniFi controller should be on a dedicated management network segment accessible only to IT administrators, not from general staff workstations or the internet.
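One way to carry out the exposure check in the second action, as an added example that is not Ubiquiti's or this advisory's own tooling: run it from a connection outside your network (for example a mobile hotspot) against your own public IP address or hostname. The script name and function names are assumptions made for illustration.

```python
"""Check from OUTSIDE the network whether the controller's management port answers."""
import socket
import sys

MGMT_PORT = 443  # management port named in the advisory


def probe(host, port=MGMT_PORT, timeout=3.0):
    """Classify one TCP connection attempt as open, closed, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except socket.gaierror:
        return "unresolved"      # host name did not resolve
    except ConnectionRefusedError:
        return "closed"          # host reachable, nothing listening on the port
    except OSError:
        return "filtered"        # timeout or unreachable: dropped by a firewall, or no route


def audit(hosts, port=MGMT_PORT, timeout=3.0):
    """Probe each host and return {host: state}."""
    return {h: probe(h, port, timeout) for h in hosts}


def exposed(results):
    """Hosts whose management port accepted a connection."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Usage (hypothetical file name): python check_mgmt.py <your-public-ip-or-hostname> [...]
    results = audit(sys.argv[1:])
    for host, state in results.items():
        print(f"{host}:{MGMT_PORT} {state}")
    # A non-zero exit code lets a scheduled job raise an alert on exposure.
    sys.exit(1 if exposed(results) else 0)
```

An "open" result only shows that something answers on TCP 443 at that address; confirm in the router or firewall rules whether it is the controller or another forwarded service. A "filtered" or "closed" result from outside is the expected state.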