Vulnerabilities > UI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-24 | CVE-2021-22957 | Unspecified vulnerability in UI Unifi Protect 1.13.3/1.19.2 A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | 8.8 |
| 2021-09-23 | CVE-2021-22952 | Unspecified vulnerability in UI Unifi Talk A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. | 8.8 |
| 2021-08-31 | CVE-2021-22943 | Improper Authentication vulnerability in UI Unifi Protect 1.13.3 A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. | 9.6 |
| 2021-08-31 | CVE-2021-22944 | Unspecified vulnerability in UI Unifi Protect 1.13.3 A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. low complexity ui | 8.0 |
| 2021-06-18 | CVE-2021-33818 | Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. | 7.5 |
| 2021-06-18 | CVE-2021-33820 | Unspecified vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67 An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. | 7.5 |
| 2021-05-27 | CVE-2021-22909 | Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. | 7.5 |
| 2021-05-17 | CVE-2020-24755 | Uncontrolled Search Path Element vulnerability in UI Unifi Video 3.10.13 In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. | 7.8 |
| 2021-02-23 | CVE-2021-22882 | Unspecified vulnerability in UI Unifi Protect Controller UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash. | 7.5 |
| 2020-12-14 | CVE-2020-8282 | Cross-Site Request Forgery (CSRF) vulnerability in UI products A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | 8.8 |