Ui

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-33820 1Ui 1Camera G3 Flex Firmware Nov 21, 2024 Jun 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2021-33818 1Ui 1Camera G3 Flex Firmware Nov 21, 2024 Jun 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the conne...Show more An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.Show less
CVE-2021-22909 1Ui 1Edgemax Edgerouter Firmware Nov 21, 2024 May 27, 2021 N/A· v4 7.5 HIGH· v3 7.6 HIGH· v2 A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9...Show more A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.Show less
CVE-2020-24755 1Ui 1Unifi Video Nov 21, 2024 May 17, 2021 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This wa...Show more In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).Show less
CVE-2021-22882 1Ui 1Unifi Protect Controller Nov 21, 2024 Feb 23, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
CVE-2020-8282 1Ui 2Edgemax Edgepower 24v Firmware Edgemax Edgepower 54v Firmware Nov 21, 2024 Dec 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
CVE-2020-8267 1Ui 1Unifi Protect Firmware Nov 21, 2024 Nov 5, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated m...Show more A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.Show less
CVE-2020-27888 1Ui 2Unifi Controller Firmware Unifi Meshing Access Point Firmware Nov 21, 2024 Oct 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected st...Show more An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.Show less
CVE-2020-8234 1Ui 1Edgemax Firmware Nov 21, 2024 Aug 21, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by...Show more A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.Show less
CVE-2020-8233 2Opensuse Ui 3Backports Sle Edgeswitch FirmwareLeap Nov 21, 2024 Aug 17, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
CVE-2020-8232 1Ui 1Edgeswitch Firmware Nov 21, 2024 Aug 17, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.
CVE-2020-8213 1Ui 1Unifi Protect Nov 21, 2024 Jul 30, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and respon...Show more An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.Show less
CVE-2020-8188 1Ui 1Unifi Protect Firmware Nov 21, 2024 Jul 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13....Show more We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.Show less
CVE-2020-12695 21Asus BroadcomCanon+18 more 2175020 Z4a69a 5030 M2u92b5030 Z4a70a+214 more Nov 21, 2024 Jun 8, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscriptio...Show more The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.Show less
CVE-2020-8171 1Ui 1Airos Nov 21, 2024 May 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Th...Show more We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.Show less
CVE-2020-8170 1Ui 1Airos Nov 21, 2024 May 26, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Mu...Show more We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.Show less
CVE-2020-8168 1Ui 1Airos Nov 21, 2024 May 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:At...Show more We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.Show less
CVE-2020-8157 1Ui 2Unifi Cloud Key Gen2 Firmware Unifi Cloud Key Gen2 Plus Firmware Nov 21, 2024 May 2, 2020 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
CVE-2020-8148 1Ui 2Cloud Key Gen2 Cloud Key Gen2 Plus Nov 21, 2024 Apr 13, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.
CVE-2020-8146 1Ui 1Unifi Video Nov 21, 2024 Apr 1, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the...Show more In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.Show less

Previous 1 234 5 Next