Filtered by vendor Ui
Subscribe
Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12727 | 1 Ui | 2 Aircam, Aircam Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers. | |||||
| CVE-2019-5424 | 1 Ui | 1 Edgeswitch X | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user. | |||||
| CVE-2018-5265 | 1 Ui | 2 Edgeos, Erlite-3 | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | |||||
| CVE-2010-5330 | 1 Ui | 1 Airos | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
| CVE-2019-5425 | 1 Ui | 1 Edgeswitch X | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root. | |||||
| CVE-2019-5426 | 1 Ui | 1 Edgeswitch X | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings. | |||||
| CVE-2018-5264 | 1 Ui | 2 Unifi 52, Unifi Firmware | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. | |||||
| CVE-2019-5446 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | |||||
| CVE-2019-5430 | 1 Ui | 1 Unifi Video | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page. | |||||
| CVE-2019-5456 | 1 Ui | 1 Unifi Controller | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | |||||
| CVE-2015-9266 | 2 Ubnt, Ui | 23 Airos 4 Xs2, Airos 4 Xs5, Edgeswitch Xp Firmware and 20 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | |||||
| CVE-2017-0938 | 1 Ui | 4 Airmax Ac, Airos, Edgemax and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. | |||||
| CVE-2018-12590 | 1 Ui | 2 Edgeswitch, Edgeswitch Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. | |||||
| CVE-2017-0912 | 1 Ui | 1 Ucrm | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling". | |||||
| CVE-2017-0935 | 1 Ui | 1 Edgeos | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. | |||||
| CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||||
| CVE-2014-2227 | 1 Ui | 1 Unifi Video | 2024-02-28 | 6.0 MEDIUM | N/A |
| The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. | |||||
| CVE-2014-2226 | 1 Ui | 1 Unifi Controller | 2024-02-28 | 2.6 LOW | N/A |
| Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-3572 | 1 Ui | 1 Unifi | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. | |||||
| CVE-2013-1606 | 1 Ui | 4 Aircam, Aircam Dome, Aircam Mini and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request. | |||||