Vulnerabilities > UI
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-10 | CVE-2019-5424 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. | 8.8 |
2019-02-12 | CVE-2017-0938 | Improper Input Validation vulnerability in UI Airos and Edgemax Firmware Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. | 7.5 |
2018-09-05 | CVE-2015-9266 | Path Traversal vulnerability in multiple products The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. | 9.8 |
2018-07-03 | CVE-2017-0912 | Cross-site Scripting vulnerability in UI Ucrm Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. | 5.4 |
2018-06-20 | CVE-2018-12590 | Use of Externally-Controlled Format String vulnerability in UI Edgeswitch Firmware 1.7.3 Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. | 7.2 |
2018-03-22 | CVE-2017-0935 | Improper Privilege Management vulnerability in UI Edgeos 1.9.1/1.9.1.1 Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. | 8.8 |
2017-12-27 | CVE-2016-6914 | Incorrect Default Permissions vulnerability in UI Unifi Video Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | 7.8 |
2013-12-31 | CVE-2013-3572 | Cross-site Scripting vulnerability in UI Unifi Controller Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. | 6.1 |