37 matches found
UniFi Access - Broken Access Control
UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access. id: CVE-2025-52665 info: name:...
CVE-2019-25651
Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...
VulnCheck KEV: CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later...
EUVD-2025-37233
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
Ubiquiti UniFi Access Application 安全漏洞
Ubiquiti UniFi Access Application is an access control system from Ubiquiti, Inc. A security vulnerability exists in the Ubiquiti UniFi Access Application versions 3.3.22 through 3.4.31, which stems from an exposed management API and lack of proper authentication, which could lead to unauthorized...
CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
CVE-2025-52665
CVE-2025-52665 affects UniFi Access Application 3.3.22–3.4.31, where a misconfigured management API is exposed without proper authentication, allowing attackers on the management network to access management functions. Affected component: the UniFi Access management API; root cause: misconfigurat...
CVE-2025-52665
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...
PT-2025-43553
Name of the Vulnerable Software and Affected Versions UniFi Access Application versions 3.3.22 through 3.4.31 Description A misconfiguration in the UniFi Access application exposes a management API without proper authentication. An attacker with access to the management network could exploit this...
EUVD-2020-20381
Malware in sbrugna...
EUVD-2025-23556
Malicious code in bioql PyPI...
EUVD-2024-41709
Malicious code in bioql PyPI...
EUVD-2023-39120
Malicious code in bioql PyPI...
EUVD-2023-41861
Malicious code in bioql PyPI...
CVE-2025-27212
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro Version 2.14.21 and earlier UniFi Access G2 Reader Pro Version 1.10.32 and earlier UniFi...
CVE-2025-27212
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro Version 2.14.21 and earlier UniFi Access G2 Reader Pro Version 1.10.32 and earlier UniFi...
CVE-2025-27212
CVE-2025-27212 describes an improper input validation in multiple UniFi Access devices that could allow a malicious actor with access to the UniFi Access management network to perform a command injection, resulting in remote code execution. Affected products and versions include: UniFi Access Rea...