Filtered by vendor Ui
Total 80 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31997 1 Ui 3 Cloud Key Gen2, Cloud Key Gen2 Plus, Unifi Os 2023-07-11 9.0 Critical
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. The issue applies to Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
CVE-2023-28365 2 Linux, Ui 2 Linux Kernel, Unifi 2023-07-10 9.1 Critical
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2022-44565 1 Ui 12 Airfiber 60, Airfiber 60-hd, Airfiber 60-hd Firmware and 9 more 2023-06-27 5.3 Medium
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.
CVE-2023-28124 1 Ui 1 Desktop 2023-05-01 5.5 Medium
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28122 1 Ui 1 Desktop 2023-05-01 7.8 High
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28123 1 Ui 1 Desktop 2023-05-01 5.5 Medium
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-24104 1 Ui 2 Unifi Dream Machine Pro, Unifi Dream Machine Pro Firmware 2023-03-06 9.8 Critical
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
CVE-2023-23912 1 Ui 20 Er-10x, Er-10x Firmware, Er-12 and 17 more 2023-02-17 8.8 High
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
CVE-2023-23119 1 Ui 2 Af-2x, Af-2x Firmware 2023-02-10 5.9 Medium
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
CVE-2019-5446 1 Ui 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more 2023-02-02 7.2 High
Command injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root.
CVE-2019-5445 1 Ui 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more 2023-02-02 4.9 Medium
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands.
CVE-2022-43553 1 Ui 2 Edgemax Edgerouter, Edgemax Edgerouter Firmware 2022-12-08 8.8 High
A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
CVE-2019-5456 1 Ui 1 Unifi Controller 2022-12-06 8.1 High
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVE-2018-12590 1 Ui 2 Edgeswitch, Edgeswitch Firmware 2022-10-03 7.2 High
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
CVE-2013-1606 1 Ui 4 Aircam, Aircam Dome, Aircam Mini and 1 more 2022-10-03 N/A
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
CVE-2022-35257 1 Ui 1 Desktop 2022-09-26 7.8 High
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
CVE-2021-22957 1 Ui 1 Unifi Protect 2022-08-30 8.8 High
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user's account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
CVE-2021-22952 1 Ui 1 Unifi Talk 2022-08-30 8.8 High
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.
CVE-2021-22882 1 Ui 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Network Video Recorder and 1 more 2022-08-30 7.5 High
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
CVE-2021-44530 1 Ui 1 Unifi Network Controller 2022-08-09 9.8 Critical
An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.