Vulnerabilities > UI

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22570 Classic Buffer Overflow vulnerability in UI UA Lite Firmware
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices.
network
low complexity
ui CWE-120
7.5
2022-01-14 CVE-2021-44530 Injection vulnerability in UI Unifi Network Controller
An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.
network
low complexity
ui CWE-74
7.5
2021-12-07 CVE-2021-44527 Resource Exhaustion vulnerability in UI Unifi Switch Firmware
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.
low complexity
ui CWE-400
6.1
2021-11-24 CVE-2021-22957 Exposure of Resource to Wrong Sphere vulnerability in UI Unifi Protect 1.13.3
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
network
ui CWE-668
6.8
2021-09-23 CVE-2021-22952 Code Injection vulnerability in UI Unifi Talk
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted.
network
low complexity
ui CWE-94
6.5
2021-08-31 CVE-2021-22943 Improper Authentication vulnerability in UI Unifi Protect 1.13.3
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network.
low complexity
ui CWE-287
8.3
2021-08-31 CVE-2021-22944 Improper Privilege Management vulnerability in UI Unifi Protect 1.13.3
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application.
low complexity
ui CWE-269
7.7
2021-06-18 CVE-2021-33818 Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.
network
low complexity
ui CWE-400
5.0
2021-06-18 CVE-2021-33820 Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources.
network
low complexity
ui CWE-400
5.0
2021-05-27 CVE-2021-22909 Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update.
network
high complexity
ui CWE-295
7.6