EUVD-2023-36286

Malicious code in bioql PyPI...

CVE-2023-28361

A Cross-site WebSocket Hijacking CSWSH vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM...

CVE-2023-31997

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...

CVE-2023-31997

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...

Code injection

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...

CVE-2023-31997

CVE-2023-31997 concerns UniFi OS 3.1 where a misconfiguration in consoles running UniFi Network enables local-network users to access MongoDB on applicable Cloud Keys (Gen2 and Gen2 Plus) hosting UniFi Network. Impact described as local access to MongoDB; CVSS 3.1 base score 9.0 (Critical) with h...

CVE-2023-31997

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...

CVE-2023-31997

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...

PT-2023-23562 · Ubiquiti +1 · Cloud Key Gen2 +4

Name of the Vulnerable Software and Affected Versions: UniFi OS version 3.1 Cloud Key Gen2 running UniFi OS 3.1 Cloud Key Gen2 Plus running UniFi OS 3.1 Description: The issue is related to a misconfiguration in UniFi OS 3.1 that affects consoles running UniFi Network, allowing users on a local...

CVE-2020-8188

CVE-2020-8188 relates to UniFi Protect firmware. Multiple sources confirm a privilege-escalation issue where “view only” users could run certain custom commands to assign themselves unauthorized roles, leading to elevated privileges. The vulnerability affects Protect firmware v1.13.2 and v1.14.9 ...

CVE-2020-8157

UniFi Cloud Key firmware = v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface UART...

CVE-2020-8148

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...

Design/Logic Flaw

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...

CVE-2020-8148

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...

Ubiquiti Inc.: View Only to Root Privilege Escalation on UniFi Protect

UniFi Protect v1.13.2 and prior containing vulnerabilities allowing users to run certain custom commands that can be used to assign themselves unauthorized roles, escalating their privileges. These vulnerabilities were found on UniFi Protect v1.13.2 and prior versions for Cloud Key Gen2 plus. The...