Vulnerabilities > UI

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-42025 Command Injection vulnerability in UI Unifi Network Application
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
local
low complexity
ui CWE-77
7.8
7.8
2023-10-25 CVE-2023-41721 Unspecified vulnerability in UI Unifi Network Application
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176.
network
low complexity
ui
5.3
5.3
2023-08-10 CVE-2023-35085 Integer Overflow or Wraparound vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.
network
low complexity
ui CWE-190
critical
 9.8
9.8
2023-08-10 CVE-2023-38034 Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
network
low complexity
ui CWE-77
critical
 9.8
9.8
2023-07-18 CVE-2023-31998 Out-of-bounds Write vulnerability in UI Aircube Firmware and Edgemax Edgerouter Firmware
A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.
network
low complexity
ui CWE-787
7.5
7.5
2023-07-08 CVE-2023-32000 Cross-site Scripting vulnerability in UI Unifi Network Application
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
network
low complexity
ui CWE-79
4.8
4.8
2023-07-01 CVE-2023-28365 Command Injection vulnerability in UI Unifi 2.3.5/2.3.6
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
network
low complexity
ui CWE-77
critical
 9.1
9.1
2023-07-01 CVE-2023-31997 Unspecified vulnerability in UI Unifi OS 3.1
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB.
low complexity
ui
critical
 9.0
9.0
2023-04-28 CVE-2023-2379 Improper Resource Shutdown or Release vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6.
network
low complexity
ui CWE-404
7.5
7.5
2023-04-28 CVE-2023-2376 Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
8.8
8.8