Vulnerabilities > UI

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2023-2377 Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
8.8
2023-04-28 CVE-2023-2378 Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
8.8
2023-04-28 CVE-2023-2374 Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical.
network
low complexity
ui CWE-77
8.8
2023-04-28 CVE-2023-2375 Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical.
network
low complexity
ui CWE-77
8.8
2023-04-28 CVE-2023-2373 Command Injection vulnerability in UI Edgemax Edgerouter Firmware 2.0.9
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
8.8
2023-04-19 CVE-2023-28122 Unspecified vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.
local
low complexity
ui
7.8
2023-04-19 CVE-2023-28123 Incorrect Permission Assignment for Critical Resource vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
local
low complexity
ui CWE-732
5.5
2023-04-19 CVE-2023-28124 Inadequate Encryption Strength vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.
local
low complexity
ui CWE-326
5.5
2023-03-25 CVE-2023-1458 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical.
network
low complexity
ui CWE-77
critical
9.8
2023-03-25 CVE-2023-1456 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
critical
9.8