A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later
