In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).
References
Link | Resource |
---|---|
https://www.youtube.com/watch?v=T41h4yeh9dk | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-05-17 22:15
Updated : 2024-02-28 18:28
NVD link : CVE-2020-24755
Mitre link : CVE-2020-24755
CVE.ORG link : CVE-2020-24755
JSON object : View
Products Affected
ui
- unifi_video
CWE
CWE-427
Uncontrolled Search Path Element