Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui unifi controller - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller prior to 3.2.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspe...
Ui Unifi Controller
Ui Airvision Controller
Ui Mfi Controller
1 EDB exploit
7.5
CVSSv3
CVE-2020-27888
An issue exists on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
Ui Unifi Meshing Access Point Firmware 4.3.21.11325
Ui Unifi Controller Firmware 6.0.28
8.1
CVSSv3
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
Ui Unifi Controller
NA
CVE-2014-2226
Ubiquiti UniFi Controller prior to 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Ui Unifi Controller
7.5
CVSSv3
CVE-2021-22882
UniFi Protect before v1.17.1 allows an malicious user to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
Ui Unifi Protect Controller
8.8
CVSSv3
CVE-2019-15595
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.
Ui Unifi Video Controller
9.8
CVSSv3
CVE-2021-44530
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and previous versions (Log4J CVE-2021-44228) allows a malicious actor to control the application.
Ui Unifi Network Controller
NA
CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) prior to 3.0.1 does not restrict access to the application, which allows remote malicious users to bypass the Same Origin Policy via a crafted SW...
Ui Unifi Video
1 EDB exploit
NA
CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted client hostname.
Ui Unifi
7.8
CVSSv3
CVE-2020-8146
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllS...
Ui Unifi Video
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »