Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui unifi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-27888
An issue exists on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
Ui Unifi Meshing Access Point Firmware 4.3.21.11325
Ui Unifi Controller Firmware 6.0.28
6.8
CVSSv3
CVE-2020-8157
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
Ui Unifi Cloud Key Gen2 Firmware
Ui Unifi Cloud Key Gen2 Plus Firmware
8.8
CVSSv3
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and previous versions and UniFi Security Gateways (USG) Version 4.4.56 and previous versions with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to...
Ui Usg Firmware
Ui Usg-pro-4 Firmware
Ui Er-10x Firmware
Ui Er-10x Firmware 2.0.9
Ui Er-12 Firmware
Ui Er-12 Firmware 2.0.9
Ui Er-12p Firmware
Ui Er-12p Firmware 2.0.9
Ui Er-4 Firmware
Ui Er-4 Firmware 2.0.9
Ui Er-6p Firmware
Ui Er-6p Firmware 2.0.9
Ui Er-8-xg Firmware
Ui Er-8-xg Firmware 2.0.9
Ui Er-x Firmware
Ui Er-x Firmware 2.0.9
Ui Er-x-sfp Firmware
Ui Er-x-sfp Firmware 2.0.9
7.8
CVSSv3
CVE-2020-8146
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllS...
Ui Unifi Video
9
CVSSv3
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" inclu...
Ui Unifi Os 3.1
7.5
CVSSv3
CVE-2021-22882
UniFi Protect before v1.17.1 allows an malicious user to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
Ui Unifi Protect Controller
8.8
CVSSv3
CVE-2020-8188
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View...
Ui Unifi Protect Firmware
5.3
CVSSv3
CVE-2023-41721
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and previous versions, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious act...
Ui Unifi Network Application
6.5
CVSSv3
CVE-2020-8145
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access...
Ui Unifi Video
5.3
CVSSv3
CVE-2020-8148
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.
Ui Cloud Key Gen2
Ui Cloud Key Gen2 Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »