CVE-2020-24755

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).
References
Link Resource
https://www.youtube.com/watch?v=T41h4yeh9dk Exploit Third Party Advisory
https://www.youtube.com/watch?v=T41h4yeh9dk Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ui:unifi_video:3.10.13:*:*:*:*:*:*:*

History

21 Nov 2024, 05:16

Type Values Removed Values Added
References () https://www.youtube.com/watch?v=T41h4yeh9dk - Exploit, Third Party Advisory () https://www.youtube.com/watch?v=T41h4yeh9dk - Exploit, Third Party Advisory

Information

Published : 2021-05-17 22:15

Updated : 2024-11-21 05:16


NVD link : CVE-2020-24755

Mitre link : CVE-2020-24755

CVE.ORG link : CVE-2020-24755


JSON object : View

Products Affected

ui

  • unifi_video
CWE
CWE-427

Uncontrolled Search Path Element