Ui

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21639 1Ui 4Airfiber Af60 Xg Firmware Airfiber Af60 FirmwareAirmax Ac Firmware+1 more Jan 14, 2026 Jan 8, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products:...Show more A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version 6.3.22 and earlier) airFiber AF60-XG (Version 1.2.2 and earlier) airFiber AF60 (Version 2.6.7 and earlier) Mitigation: Update your airMAX AC to Version 8.7.21 or later. Update your airMAX M to Version 6.3.24 or later. Update your airFiber AF60-XG to Version 1.2.3 or later. Update your airFiber AF60 to Version 2.6.8 or later.Show less
CVE-2026-21638 1Ui 4Ubb Xg Firmware Ubb FirmwareUdb Pro Sector Firmware+1 more Jan 14, 2026 Jan 8, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-X...Show more A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.Show less
CVE-2026-21635 1Ui 1Unifi Connect Ev Station Lite Firmware Jan 30, 2026 Jan 5, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.
CVE-2026-21634 1Ui 1Unifi Protect Jan 30, 2026 Jan 5, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application...Show more A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.Show less
CVE-2026-21633 1Ui 1Unifi Protect Jan 30, 2026 Jan 5, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earli...Show more A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.Show less
CVE-2025-52665 1Ui 1Unifi Access Nov 12, 2025 Oct 31, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability w...Show more A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31).   Mitigation: Update your UniFi Access Application to Version 4.0.21 or later.Show less
CVE-2024-42025 1Ui 1Unifi Network Application Sep 28, 2024 Sep 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privile...Show more A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.Show less
CVE-2023-41721 1Ui 1Unifi Network Application Nov 21, 2024 Oct 25, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to d...Show more Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. Show less
CVE-2023-38034 1Ui 2Unifi Switch Firmware Unifi Uap Firmware Nov 21, 2024 Aug 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Poi...Show more A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.Show less
CVE-2023-35085 1Ui 2Unifi Switch Firmware Unifi Uap Firmware Nov 21, 2024 Aug 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Product...Show more An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.Show less
CVE-2023-31998 1Ui 2Aircube Firmware Edgemax Edgerouter Firmware Nov 21, 2024 Jul 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.
CVE-2023-32000 1Ui 1Unifi Network Application Nov 21, 2024 Jul 8, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a...Show more A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.Show less
CVE-2023-31997 1Ui 1Unifi Os Nov 26, 2024 Jul 1, 2023 N/A· v4 9.0 CRITICAL· v3 N/A· v2 UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi...Show more UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. Show less
CVE-2023-28365 1Ui 1Unifi Network Application Dec 12, 2024 Jul 1, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2023-2379 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible...Show more A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.Show less
CVE-2023-2378 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of...Show more A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.Show less
CVE-2023-2377 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipul...Show more A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability.Show less
CVE-2023-2376 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi...Show more A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.Show less
CVE-2023-2375 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument s...Show more A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.Show less
CVE-2023-2374 1Ui 2Er X Sfp Firmware Er X Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument...Show more A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.Show less

12 3 4 5 Next