We have recently released new version of UniFi Cloud Key firmware that fixes a vulnerability found on v1.1.6 and prior for Cloud Key gen2 and Cloud Key gen2 Plus, according to the description below:
Unauthenticated API requests allow changing device hostname.
###Affected Products:
UniFi Cloud Key Gen2
UniFi Cloud Key Gen2 Plus
###Mitigation:
Update to latest UniFi Cloud key Gen2 and UniFi Cloud Key Gen2 Plus Firmware version available at UniFi Cloud Key Gen2 download page.
###Reference Link:
https://community.ui.com/releases/Security-advisory-bulletin-007-007/eb639fa0-68ad-4bf5-9663-3b760eb2f93a