Can Remote Hacks Compromise Your UniFi Protect Camera System?

Article Highlights
Off On

Protecting your home and business with surveillance cameras is a common practice, but the vulnerability of these systems to remote hacks raises serious concerns. Recently, Ubiquiti Networks issued an urgent security advisory regarding several critical vulnerabilities in its UniFi Protect camera ecosystem. These issues, including remote code execution (RCE), have exposed significant weaknesses that could allow hackers to gain unauthorized access and control over camera systems. With the threats discovered by Trend Micro’s Zero Day Initiative (ZDI) during the 2025 Pwn2Own Toronto hacking competition, it is crucial to understand the impact and steps needed to safeguard these devices.

Critical Vulnerabilities

The primary vulnerabilities identified within the UniFi Protect system encompass both firmware and the management application. Two of the most severe vulnerabilities could enable complete device takeover through unauthorized network-adjacent attacks. Specifically, CVE-2025-23115 and CVE-2025-23116 pose grave threats due to their high severity scores. CVE-2025-23115 is a memory corruption issue existing in firmware versions ≤4.74.88, which allows attackers to execute arbitrary code via specially crafted network packets. This flaw arises from improper handling of RTSP stream metadata buffers leading to retained invalidated pointers after memory reallocation. When exploited successfully, attackers can achieve root-level command execution on the camera’s Linux-based system.

Meanwhile, CVE-2025-23116 is associated with an authentication bypass vulnerability through the Auto-Adopt Bridge feature, found in UniFi Protect Application versions ≤5.2.46. Attackers exploiting this can forge adoption requests using default device certificates due to the protect-adoptd service failing to validate TLS client certificates during the device provisioning sequence. These two vulnerabilities significantly elevate risks by granting attackers unauthorized command execution and bridging into protected networks.

Medium-Severity Vulnerabilities

Aside from the high-severity issues, there are other notable vulnerabilities adding to the threat landscape. CVE-2025-23117 involves a firmware validation bypass caused by the use of a static AES-128-CBC key during the firmware update process. The firmware validation flaw—fixed in version 4.74.106—previously permitted attackers to sideload modified firmware images. The introduction of per-device key derivation using HKDF-SHA256 is a countermeasure to this vulnerability.

Similarly, CVE-2025-23118 identifies a flaw in certificate validation within the UniFi Protect web interface, using the nginx web server. Improper validation of Let’s Encrypt certificates allowed Man-in-the-Middle (MITM) attacks. The fix, incorporating certificate transparency logs and OCSP stapling, aims to fortify against such interception attempts. Another medium-severity vulnerability, CVE-2025-23119, highlights how the camera’s syslog service improperly sanitized ANSI escape sequences in log messages, leading to potential terminal emulator escape attacks. A regex filter implementation has been applied to mitigate this issue.

Mitigation and Recommendations

The discovery of these vulnerabilities impacting over 1.2 million deployed UniFi Protect devices signifies the urgency of implementing robust security measures. Ubiquiti has provided specific recommendations for instant mitigation, which include updating camera firmware to version 4.74.106 or higher and upgrading the UniFi Protect Application to version 5.2.49 or beyond. Disabling the Auto-Adopt Bridge feature, if it is not being used, and incorporating network segmentation for camera VLANs can also help minimize exposure.

Security teams should vigilantly monitor indicators of compromise (IoCs) such as unusual outbound connections on TCP/443 to unknown autonomous systems, the spawning of the ubntstreamd process to /bin/sh, and any modification of /etc/passwd indicating the addition of new UID 0 accounts. These steps collectively reduce the risk of potential exploitation and enhance overall cybersecurity posture.

Future Considerations

The identified vulnerabilities pose severe risks, as they can be exploited by attackers to infiltrate and manipulate the surveillance systems. Consequently, understanding the impact and taking appropriate measures to protect these devices is essential. Regularly updating firmware, implementing strong passwords, and using network security protocols can help mitigate some of these threats. With the growing reliance on surveillance technology, ensuring its security is crucial for safeguarding both personal and business interests.

Explore more

Can Stablecoins Balance Privacy and Crime Prevention?

The emergence of stablecoins in the cryptocurrency landscape has introduced a crucial dilemma between safeguarding user privacy and mitigating financial crime. Recent incidents involving Tether’s ability to freeze funds linked to illicit activities underscore the tension between these objectives. Amid these complexities, stablecoins continue to attract attention as both reliable transactional instruments and potential tools for crime prevention, prompting a

AI-Driven Payment Routing – Review

In a world where every business transaction relies heavily on speed and accuracy, AI-driven payment routing emerges as a groundbreaking solution. Designed to amplify global payment authorization rates, this technology optimizes transaction conversions and minimizes costs, catalyzing new dynamics in digital finance. By harnessing the prowess of artificial intelligence, the model leverages advanced analytics to choose the best acquirer paths,

How Are AI Agents Revolutionizing SME Finance Solutions?

Can AI agents reshape the financial landscape for small and medium-sized enterprises (SMEs) in such a short time that it seems almost overnight? Recent advancements suggest this is not just a possibility but a burgeoning reality. According to the latest reports, AI adoption in financial services has increased by 60% in recent years, highlighting a rapid transformation. Imagine an SME

Trend Analysis: Artificial Emotional Intelligence in CX

In the rapidly evolving landscape of customer engagement, one of the most groundbreaking innovations is artificial emotional intelligence (AEI), a subset of artificial intelligence (AI) designed to perceive and engage with human emotions. As businesses strive to deliver highly personalized and emotionally resonant experiences, the adoption of AEI transforms the customer service landscape, offering new opportunities for connection and differentiation.

Will Telemetry Data Boost Windows 11 Performance?

The Telemetry Question: Could It Be the Answer to PC Performance Woes? If your Windows 11 has left you questioning its performance, you’re not alone. Many users are somewhat disappointed by computers not performing as expected, leading to frustrations that linger even after upgrading from Windows 10. One proposed solution is Microsoft’s initiative to leverage telemetry data, an approach that