Vulnerabilities > UI > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-10 | CVE-2023-35085 | Integer Overflow or Wraparound vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. | 9.8 |
| 2023-08-10 | CVE-2023-38034 | Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | 9.8 |
| 2023-07-01 | CVE-2023-28365 | Command Injection vulnerability in UI Unifi 2.3.5/2.3.6 A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 9.1 |
| 2023-07-01 | CVE-2023-31997 | Unspecified vulnerability in UI Unifi OS 3.1 UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. | 9.0 |
| 2023-03-25 | CVE-2023-1458 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. | 9.8 |
| 2023-03-25 | CVE-2023-1456 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. | 9.8 |
| 2023-03-25 | CVE-2023-1457 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. | 9.8 |
| 2023-02-23 | CVE-2023-24104 | Unspecified vulnerability in UI Unifi Dream Machine PRO Firmware 7.2.95 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. | 9.8 |
| 2022-04-01 | CVE-2022-22570 | Classic Buffer Overflow vulnerability in UI UA Lite Firmware 3.8.28.20/3.8.28.24 A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. | 10.0 |
| 2022-01-14 | CVE-2021-44530 | Injection vulnerability in UI Unifi Network Controller An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. | 9.8 |