Vulnerabilities > UI > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-22943 | Improper Authentication vulnerability in UI Unifi Protect 1.13.3 A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. | 9.6 |
| 2020-08-21 | CVE-2020-8234 | Insufficient Session Expiration vulnerability in UI Edgemax Firmware A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. | 9.8 |
| 2020-05-26 | CVE-2020-8171 | OS Command Injection vulnerability in UI Airos We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. | 9.8 |
| 2019-06-11 | CVE-2010-5330 | Command Injection vulnerability in UI Airos On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. | 9.8 |
| 2018-09-05 | CVE-2015-9266 | Path Traversal vulnerability in multiple products The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. | 9.8 |