Vulnerabilities > UI > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-09 | CVE-2023-23912 | Code Injection vulnerability in UI products: A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. | 8.8 |
2022-12-05 | CVE-2022-43553 | Unspecified vulnerability in UI Edgemax Edgerouter Firmware 2.0.9: A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. | 8.8 |
2022-09-23 | CVE-2022-35257 | Unspecified vulnerability in UI Desktop 0.55.1.2: A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. | 7.8 |
2021-11-24 | CVE-2021-22957 | Unspecified vulnerability in UI Unifi Protect 1.13.3/1.19.2: A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | 8.8 |
2021-09-23 | CVE-2021-22952 | Unspecified vulnerability in UI Unifi Talk: A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. | 8.8 |
2021-08-31 | CVE-2021-22944 | Unspecified vulnerability in UI Unifi Protect 1.13.3: A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. | 8.0 |
2021-06-18 | CVE-2021-33818 | Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67: An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. | 7.5 |
2021-06-18 | CVE-2021-33820 | Unspecified vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67: An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. | 7.5 |
2021-05-27 | CVE-2021-22909 | Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware 2.0.9: A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. | 7.5 |
2021-05-17 | CVE-2020-24755 | Uncontrolled Search Path Element vulnerability in UI Unifi Video 3.10.13: In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. | 7.8 |