Critical Vulnerability in UniFi OS Allows Hackers to Gain Root Access Without Authentication

Cybersecurity experts have discovered a critical vulnerability in Ubiquiti’s UniFi OS that allows attackers to gain unauthorized root access. The issue arises from chaining three previously resolved vulnerabilities, enabling arbitrary code execution on vulnerable servers without authentication.

The vulnerability affects Ubiquiti’s enterprise solutions, including network controllers and access point management systems. Successful exploitation could lead to complete infrastructure compromise, posing serious risks for businesses relying on Ubiquiti devices for network deployment.

Ubiquiti has released patches to address the vulnerabilities, but administrators are urged to update their systems immediately. Experts emphasize the importance of timely patching, as attacks exploiting such flaws could result in widespread consequences, including data breaches and disruption of critical network services.