Vulnerabilities > UI > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-10 CVE-2023-35085 Integer Overflow or Wraparound vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
network
low complexity
ui CWE-190
critical
9.8
2023-08-10 CVE-2023-38034 Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
network
low complexity
ui CWE-77
critical
9.8
2023-07-01 CVE-2023-28365 Command Injection vulnerability in UI Unifi 2.3.5/2.3.6
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
network
low complexity
ui CWE-77
critical
9.1
2023-07-01 CVE-2023-31997 Unspecified vulnerability in UI Unifi OS 3.1
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB.
low complexity
ui
critical
9.0
2023-03-25 CVE-2023-1458 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical.
network
low complexity
ui CWE-77
critical
9.8
2023-03-25 CVE-2023-1456 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
critical
9.8
2023-03-25 CVE-2023-1457 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6.
network
low complexity
ui CWE-77
critical
9.8
2023-02-23 CVE-2023-24104 Unspecified vulnerability in UI Unifi Dream Machine PRO Firmware 7.2.95
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
network
low complexity
ui
critical
9.8
2020-08-21 CVE-2020-8234 Insufficient Session Expiration vulnerability in UI Edgemax Firmware
A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by command injection.
network
low complexity
ui CWE-613
critical
9.8
2020-08-17 CVE-2020-8233 OS Command Injection vulnerability in multiple products
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
network
low complexity
ui opensuse CWE-78
critical
9.0