Ui

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2373 1Ui 1Edgemax Edgerouter Firmware Nov 21, 2024 Apr 28, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up...Show more A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability.Show less
CVE-2023-28124 1Ui 1Desktop Feb 5, 2025 Apr 19, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Ver...Show more Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.Show less
CVE-2023-28123 1Ui 1Desktop Feb 5, 2025 Apr 19, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28122 1Ui 1Desktop Feb 5, 2025 Apr 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary comma...Show more A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.Show less
CVE-2023-1458 1Ui 1Edgerouter X Firmware Nov 21, 2024 Mar 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argumen...Show more A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.Show less
CVE-2023-1457 1Ui 1Edgerouter X Firmware Nov 21, 2024 Mar 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argumen...Show more A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.Show less
CVE-2023-1456 1Ui 1Edgerouter X Firmware Nov 21, 2024 Mar 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to...Show more A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.Show less
CVE-2023-24104 1Ui 1Unifi Dream Machine Pro Firmware Mar 18, 2025 Feb 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
CVE-2023-23912 1Ui 10Er 10x Firmware Er 12 FirmwareEr 12p Firmware+7 more Mar 24, 2025 Feb 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows...Show more A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.Show less
CVE-2023-23119 1Ui 1Af 2x Firmware Mar 26, 2025 Feb 2, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An atta...Show more The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.Show less
CVE-2022-44565 1Ui 6Airfiber 60 Hd Firmware Airfiber 60 Lr FirmwareAirfiber 60 Xg Firmware+3 more Apr 15, 2025 Dec 23, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the U...Show more An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.Show less
CVE-2022-43553 1Ui 1Edgemax Edgerouter Firmware Apr 24, 2025 Dec 5, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2...Show more A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.Show less
CVE-2022-35257 1Ui 1Desktop May 22, 2025 Sep 23, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
CVE-2022-22570 1Ui 1Ua Lite Firmware Nov 21, 2024 Apr 1, 2022 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devi...Show more A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.Show less
CVE-2021-44530 1Ui 1Unifi Network Controller Nov 21, 2024 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.
CVE-2021-44527 1Ui 1Unifi Switch Firmware Nov 21, 2024 Dec 7, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulne...Show more A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.Show less
CVE-2021-22957 1Ui 1Unifi Protect Nov 21, 2024 Nov 24, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take...Show more A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.Show less
CVE-2021-22952 1Ui 1Unifi Talk Nov 21, 2024 Sep 23, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet...Show more A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.Show less
CVE-2021-22944 1Ui 1Unifi Protect Nov 21, 2024 Aug 31, 2021 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vul...Show more A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.Show less
CVE-2021-22943 1Ui 1Unifi Protect Nov 21, 2024 Aug 31, 2021 N/A· v4 9.6 CRITICAL· v3 8.3 HIGH· v2 A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vul...Show more A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.Show less

Previous 123 4 5 Next