Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ui Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 56 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-5330 1 Ui 1 Airos 2019-06-14 5.0 MEDIUM 9.8 CRITICAL
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVE-2018-5264 1 Ui 2 Unifi 52, Unifi Firmware 2019-06-11 4.3 MEDIUM 5.9 MEDIUM
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.
CVE-2014-2227 1 Ui 1 Unifi Video 2019-06-10 6.0 MEDIUM N/A
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
CVE-2014-2226 1 Ui 1 Unifi Controller 2019-06-10 2.6 LOW N/A
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2013-3572 1 Ui 1 Unifi 2019-06-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
CVE-2013-1606 1 Ui 4 Aircam, Aircam Dome, Aircam Mini and 1 more 2019-06-10 7.5 HIGH N/A
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.