Vulnerabilities > UI
|2021-06-18||CVE-2021-33818|| Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V126.96.36.199 |
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v188.8.131.52.
| 5.0 |
|2021-06-18||CVE-2021-33820|| Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V184.108.40.206 |
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v220.127.116.11. An attacker could send a large number of TCP SYN packets to exhaust the web service's resources.
| 5.0 |
|2021-05-27||CVE-2021-22909|| Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware |
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update.
| 7.6 |
|2021-05-17||CVE-2020-24755|| Uncontrolled Search Path Element vulnerability in UI Unifi Video 3.10.13 |
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory.
| 6.9 |
|2021-02-23||CVE-2021-22882|| Resource Exhaustion vulnerability in UI Unifi Protect Controller |
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
| 5.0 |
|2020-12-14||CVE-2020-8282|| Cross-Site Request Forgery (CSRF) vulnerability in UI products |
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
| 6.8 |
|2020-11-05||CVE-2020-8267|| Improper Authentication vulnerability in UI Unifi Protect Firmware |
A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier. UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or a newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR firmware to 1.3.15 or newer and UDM-Pro firmware to 1.8.0 or newer.
| 5.0 |
|2020-10-27||CVE-2020-27888|| Insufficiently Protected Credentials vulnerability in UI products |
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 18.104.22.16825 and UniFi Controller 6.0.28 devices.
| 5.0 |
|2020-08-21||CVE-2020-8234|| Insufficient Session Expiration vulnerability in UI Edgemax Firmware |
A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a command injection.
| 10.0 |
|2020-08-17||CVE-2020-8233|| OS Command Injection vulnerability in UI Edgeswitch Firmware 1.7.1 |
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
| 9.0 |