ui unifi vulnerabilities and exploits
5.3
CVSSv3
CVE-2023-41721
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and previous versions, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious act...
Ui Unifi Network Application
9.8
CVSSv3
CVE-2023-38034
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and previous versions) All UniFi Switches (...
Ui Unifi Uap Firmware
Ui Unifi Switch Firmware
9.8
CVSSv3
CVE-2023-35085
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and previous versions...
Ui Unifi Uap Firmware
Ui Unifi Switch Firmware
4.8
CVSSv3
CVE-2023-32000
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and previous versions) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
Ui Unifi Network Application
9.1
CVSSv3
CVE-2023-28365
A backup file vulnerability found in UniFi applications (Version 7.3.83 and previous versions) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
Ui Unifi
9
CVSSv3
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" inclu...
Ui Unifi Os 3.1
9.8
CVSSv3
CVE-2023-24104
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows malicious users to bypass domain restrictions via crafted packets.
Ui Unifi Dream Machine Pro Firmware 7.2.95
8.8
CVSSv3
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and previous versions and UniFi Security Gateways (USG) Version 4.4.56 and previous versions with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to...
Ui Usg Firmware
Ui Usg-pro-4 Firmware
Ui Er-10x Firmware
Ui Er-10x Firmware 2.0.9
Ui Er-12 Firmware
Ui Er-12 Firmware 2.0.9
Ui Er-12p Firmware
Ui Er-12p Firmware 2.0.9
Ui Er-4 Firmware
Ui Er-4 Firmware 2.0.9
Ui Er-6p Firmware
Ui Er-6p Firmware 2.0.9
Ui Er-8-xg Firmware
Ui Er-8-xg Firmware 2.0.9
Ui Er-x Firmware
Ui Er-x Firmware 2.0.9
Ui Er-x-sfp Firmware
Ui Er-x-sfp Firmware 2.0.9
10
CVSSv3
CVE-2022-22570
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and previous versions) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version ...
Ui Ua Lite Firmware
9.8
CVSSv3
CVE-2021-44530
An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and previous versions (Log4J CVE-2021-44228) allows a malicious actor to control the application.
Ui Unifi Network Controller