← Back

Unifi Network Application

unifi_network_application

Vendor: Ui • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-42025
1Ui
1Unifi Network Application
Sep 28, 2024
Sep 13, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privile...Show more
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.Show less
CVE-2023-41721
1Ui
1Unifi Network Application
Nov 21, 2024
Oct 25, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to d...Show more
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. Show less
CVE-2023-32000
1Ui
1Unifi Network Application
Nov 21, 2024
Jul 8, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a...Show more
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.Show less
CVE-2023-28365
1Ui
1Unifi Network Application
Dec 12, 2024
Jul 1, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.