Vulnerabilities > UI

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-33818 Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.
network
low complexity
ui CWE-400
5.0
2021-06-18 CVE-2021-33820 Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted.
network
low complexity
ui CWE-400
5.0
2021-05-27 CVE-2021-22909 Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update.
network
high complexity
ui CWE-295
7.6
2021-05-17 CVE-2020-24755 Uncontrolled Search Path Element vulnerability in UI Unifi Video 3.10.13
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory.
local
ui CWE-427
6.9
2021-02-23 CVE-2021-22882 Resource Exhaustion vulnerability in UI Unifi Protect Controller
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
network
low complexity
ui CWE-400
5.0
2020-12-14 CVE-2020-8282 Cross-Site Request Forgery (CSRF) vulnerability in UI products
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
network
ui CWE-352
6.8
2020-11-05 CVE-2020-8267 Improper Authentication vulnerability in UI Unifi Protect Firmware
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.
network
low complexity
ui CWE-287
5.0
2020-10-27 CVE-2020-27888 Insufficiently Protected Credentials vulnerability in UI products
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices.
network
low complexity
ui CWE-522
5.0
2020-08-21 CVE-2020-8234 Insufficient Session Expiration vulnerability in UI Edgemax Firmware
A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.
network
low complexity
ui CWE-613
critical
10.0
2020-08-17 CVE-2020-8233 OS Command Injection vulnerability in UI Edgeswitch Firmware 1.7.1
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
network
low complexity
ui CWE-78
critical
9.0