Vulmon
ubiquiti vulnerabilities and exploits
NA
CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) prior to 3.0.1 does not restrict access to the application, which allows remote malicious users to bypass the Same Origin Policy via a crafted SW...
Ui Unifi Video
1 EDB exploit
NA
CVE-2013-16063
Core Security Technologies Advisory - The Ubiquiti airCam RTSP service 'ubnt-streamer' has a buffer overflow when parsing the URI of a RTSP request message. This bug allows remote attackers to execute arbitrary code via RTSP request message.
NA
CVE-2014-2226
Ubiquiti UniFi Controller prior to 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Ui Unifi Controller
7.8
CVSSv3
CVE-2016-6914
Ubiquiti UniFi Video prior to 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
Ui Unifi Video
1 EDB exploit
NA
CVE-2016-69142
Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions.
NA
CVE-2013-1606
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware prior to 1.1.6 allows remote malicious users to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
Ui Airvision Firmware
Ui Aircam Mini -
Ui Aircam Dome -
Ui Aircam -
1 EDB exploit
NA
CVE-2016-69142016
Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions.
8.8
CVSSv3
CVE-2016-7792
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote malicious users to modify the database by directly connecting to it.
Ubiquiti Networks Unifi Ap Ac Lite Firmware
7.5
CVSSv3
CVE-2021-22909
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and previous versions could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.
Ui Edgemax Edgerouter Firmware
1 Github repository
8.8
CVSSv3
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and previous versions and UniFi Security Gateways (USG) Version 4.4.56 and previous versions with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to...
Ui Usg Firmware
Ui Usg-pro-4 Firmware
Ui Er-10x Firmware
Ui Er-10x Firmware 2.0.9
Ui Er-12 Firmware
Ui Er-12 Firmware 2.0.9
Ui Er-12p Firmware
Ui Er-12p Firmware 2.0.9
Ui Er-4 Firmware
Ui Er-4 Firmware 2.0.9
Ui Er-6p Firmware
Ui Er-6p Firmware 2.0.9
Ui Er-8-xg Firmware
Ui Er-8-xg Firmware 2.0.9
Ui Er-x Firmware
Ui Er-x Firmware 2.0.9
Ui Er-x-sfp Firmware
Ui Er-x-sfp Firmware 2.0.9