Vulnerabilities > UI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-26 | CVE-2020-8170 | Cross-site Scripting vulnerability in UI Airos We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 6.1 |
| 2020-05-02 | CVE-2020-8157 | Unspecified vulnerability in UI products UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). low complexity ui | 6.8 |
| 2020-04-13 | CVE-2020-8148 | Improper Authentication vulnerability in UI Cloud KEY Gen2 and Cloud KEY Gen2 Plus UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. | 5.3 |
| 2020-04-01 | CVE-2020-8145 | Unspecified vulnerability in UI Unifi Video The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. | 6.5 |
| 2019-07-10 | CVE-2019-5445 | Resource Exhaustion vulnerability in UI Edgeswitch Firmware 1.7.3 DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. | 4.9 |
| 2019-06-07 | CVE-2018-5264 | Improper Access Control vulnerability in UI Unifi Firmware Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. | 5.9 |
| 2019-04-10 | CVE-2019-5426 | Improper Authentication vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. | 4.8 |
| 2018-07-03 | CVE-2017-0912 | Cross-site Scripting vulnerability in UI Ucrm Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. | 5.4 |