Vulnerabilities > UI > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-07 | CVE-2020-8126 | OS Command Injection vulnerability in UI Edgeswitch. A privilege escalation in EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). | 7.8 |
2019-11-26 | CVE-2019-15595 | Unspecified vulnerability in UI Unifi Video Controller. A privilege escalation exists in UniFi Video Controller <= 3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | 8.8 |
2019-09-25 | CVE-2019-16889 | Allocation of Resources Without Limits or Throttling vulnerability in UI products. Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because `*.cache` files in `/var/run/beaker/container_file/` are created when providing a valid length payload of 249 characters or fewer to the `beaker.session.id` cookie in a GET header. | 7.5 |
2019-07-30 | CVE-2019-5456 | Credentials Management vulnerability in UI Unifi Controller. SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | 8.1 |
2019-07-10 | CVE-2019-5446 | Command Injection vulnerability in UI Edgeswitch Firmware 1.7.3. Command injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. | 7.2 |
2019-06-07 | CVE-2018-5265 | OS Command Injection vulnerability in UI Edgeos 1.9.1. Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | 7.2 |
2019-06-04 | CVE-2019-12727 | Out-of-bounds Read vulnerability in UI Aircam Firmware 3.1.4. On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. | 7.5 |
2019-05-06 | CVE-2019-5430 | Cross-Site Request Forgery (CSRF) vulnerability in UI Unifi Video. In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent; the attacker must lure an authenticated user to an attacker-controlled page. | 8.8 |
2019-04-10 | CVE-2019-5425 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0. In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root. | 8.8 |
2019-04-10 | CVE-2019-5424 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0. In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. | 8.8 |