Vulnerabilities > UI > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-8170 Cross-site Scripting vulnerability in UI Airos
We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected cross-site scripting (XSS), allowing attackers to abuse the user's session information and/or account takeover of the admin user. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page.
network
low complexity
ui CWE-79
6.1
2020-05-02 CVE-2020-8157 Unspecified vulnerability in UI products
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
low complexity
ui
6.8
2020-04-13 CVE-2020-8148 Improper Authentication vulnerability in UI Cloud KEY Gen2 and Cloud KEY Gen2 Plus
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker to change a device hostname by sending a malicious API request.
network
low complexity
ui CWE-287
5.3
2020-04-01 CVE-2020-8145 Unspecified vulnerability in UI Unifi Video
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks.
network
low complexity
ui
6.5
2019-07-10 CVE-2019-5445 Resource Exhaustion vulnerability in UI Edgeswitch Firmware 1.7.3
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an admin user to crash the SSH CLI interface by using crafted commands.
network
low complexity
ui CWE-400
4.9
2019-06-07 CVE-2018-5264 Improper Access Control vulnerability in UI Unifi Firmware
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.
network
high complexity
ui CWE-284
5.9
2019-04-10 CVE-2019-5426 Improper Authentication vulnerability in UI Edgeswitch X 1.1.0
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities.
network
high complexity
ui CWE-287
4.8
2018-07-03 CVE-2017-0912 Cross-site Scripting vulnerability in UI Ucrm
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting.
network
low complexity
ui CWE-79
5.4
2013-12-31 CVE-2013-3572 Cross-site Scripting vulnerability in UI Unifi Controller
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
network
low complexity
ui CWE-79
6.1