Unifi Controller

unifi_controller

Vendor: Ui • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12695 21Asus BroadcomCanon+18 more 2175020 Z4a69a 5030 M2u92b5030 Z4a70a+214 more Nov 21, 2024 Jun 8, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscriptio...Show more The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.Show less
CVE-2014-2225 1Ui 3Airvision Controller Mfi ControllerUnifi Controller Nov 21, 2024 Feb 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.Show less
CVE-2019-5456 1Ui 1Unifi Controller Nov 21, 2024 Jul 30, 2019 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVE-2014-2226 1Ui 1Unifi Controller May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 2.6 LOW· v2 Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2013-3572 1Ui 1Unifi Controller Apr 29, 2026 Dec 31, 2013 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted clien...Show more Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.Show less