Vulnerabilities > UI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-13 | CVE-2020-8148 | Improper Authentication vulnerability in UI Cloud KEY Gen2 and Cloud KEY Gen2 Plus UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. | 5.0 |
| 2020-04-01 | CVE-2020-8146 | Improper Privilege Management vulnerability in UI Unifi Video In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. | 6.9 |
| 2020-04-01 | CVE-2020-8145 | Improper Privilege Management vulnerability in UI Unifi Video The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. | 4.0 |
| 2020-04-01 | CVE-2020-8144 | Path Traversal vulnerability in UI Unifi Video The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. | 5.2 |
| 2020-02-08 | CVE-2014-2225 | Cross-Site Request Forgery (CSRF) vulnerability in UI products Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | 6.8 |
| 2020-02-07 | CVE-2020-8126 | Improper Privilege Management vulnerability in UI Edgeswitch A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). | 7.2 |
| 2019-09-25 | CVE-2019-16889 | Allocation of Resources Without Limits or Throttling vulnerability in UI products Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. | 7.8 |
| 2019-07-30 | CVE-2019-5456 | Credentials Management vulnerability in UI Unifi Controller and Unifi Network Controller SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | 8.1 |
| 2019-07-10 | CVE-2019-5446 | Command Injection vulnerability in UI Edgeswitch Firmware 1.7.3 Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | 7.2 |
| 2019-07-10 | CVE-2019-5445 | Resource Exhaustion vulnerability in UI Edgeswitch Firmware 1.7.3 DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. | 4.9 |