Vulnerabilities > UI > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-23912 Code Injection vulnerability in UI products
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
low complexity
ui CWE-94
8.8
2022-12-05 CVE-2022-43553 Unspecified vulnerability in UI Edgemax Edgerouter Firmware 2.0.9
A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
network
low complexity
ui
8.8
2022-09-23 CVE-2022-35257 Unspecified vulnerability in UI Desktop 0.55.1.2
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
local
low complexity
ui
7.8
2021-11-24 CVE-2021-22957 Unspecified vulnerability in UI Unifi Protect 1.13.3/1.19.2
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
network
low complexity
ui
8.8
2021-09-23 CVE-2021-22952 Unspecified vulnerability in UI Unifi Talk
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted.
network
low complexity
ui
8.8
2021-08-31 CVE-2021-22944 Unspecified vulnerability in UI Unifi Protect 1.13.3
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application.
low complexity
ui
8.0
2021-06-18 CVE-2021-33818 Resource Exhaustion vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.
network
low complexity
ui CWE-400
7.5
2021-06-18 CVE-2021-33820 Unspecified vulnerability in UI Camera G3 Flex Firmware Uvc.V4.30.0.67
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted.
network
low complexity
ui
7.5
2021-05-27 CVE-2021-22909 Improper Certificate Validation vulnerability in UI Edgemax Edgerouter Firmware 2.0.9
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update.
network
high complexity
ui CWE-295
7.5
2021-05-17 CVE-2020-24755 Uncontrolled Search Path Element vulnerability in UI Unifi Video 3.10.13
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory.
local
low complexity
ui CWE-427
7.8