Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui unifi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-35085
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and previous versions...
Ui Unifi Uap Firmware
Ui Unifi Switch Firmware
9.8
CVSSv3
CVE-2023-38034
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and previous versions) All UniFi Switches (...
Ui Unifi Uap Firmware
Ui Unifi Switch Firmware
7.5
CVSSv3
CVE-2020-27888
An issue exists on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
Ui Unifi Meshing Access Point Firmware 4.3.21.11325
Ui Unifi Controller Firmware 6.0.28
6.8
CVSSv3
CVE-2020-8157
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
Ui Unifi Cloud Key Gen2 Firmware
Ui Unifi Cloud Key Gen2 Plus Firmware
9.1
CVSSv3
CVE-2023-28365
A backup file vulnerability found in UniFi applications (Version 7.3.83 and previous versions) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
Ui Unifi
NA
CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted client hostname.
Ui Unifi
8.8
CVSSv3
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller prior to 3.2.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspe...
Ui Unifi Controller
Ui Airvision Controller
Ui Mfi Controller
1 EDB exploit
9.6
CVSSv3
CVE-2021-22943
A vulnerability found in UniFi Protect application V1.18.1 and previous versions permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V...
Ui Unifi Protect
8.8
CVSSv3
CVE-2021-22957
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and previous versions allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability ...
Ui Unifi Protect
6.5
CVSSv3
CVE-2020-8145
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access...
Ui Unifi Video
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »