13 matches found
EUVD-2020-29050
Malware in sbrugna...
EUVD-2020-29043
Malware in sbrugna...
CVE-2020-8148
UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...
Security feature bypass
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...
CVE-2020-8267
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...
CVE-2020-8188
CVE-2020-8188 relates to UniFi Protect firmware. Multiple sources confirm a privilege-escalation issue where “view only” users could run certain custom commands to assign themselves unauthorized roles, leading to elevated privileges. The vulnerability affects Protect firmware v1.13.2 and v1.14.9 ...
Ubiquiti Networks UniFi Cloud Key Access Control Error Vulnerability
Ubiquiti Networks UniFi Cloud Key is a secret key device that supports management of UniFi networks from Ubiquiti Networks USA. An Access Control Error vulnerability exists in the Ubiquiti Networks UniFi Cloud Key gen2 and Cloud Key gen2 Plus using firmware version 1.1.10 and earlier, which can b...
CVE-2020-8157
UniFi Cloud Key firmware = v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface UART...
Ubiquiti Networks UniFi Cloud Key Authorization Issue Vulnerability
Ubiquiti Networks UniFi Cloud Key is a secret key device that supports management of UniFi networks from Ubiquiti Networks USA. An authorization issue vulnerability exists in the Ubiquiti Networks UniFi Cloud Key Gen2 and UniFi Cloud Key Gen2 Plus using firmware versions prior to 1.1.6. An attack...
CVE-2020-8148
UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...
CVE-2020-8148
UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...
Ubiquiti Inc.: Unauthenticated request allows changing hostname
We have recently released new version of UniFi Cloud Key firmware that fixes a vulnerability found on v1.1.6 and prior for Cloud Key gen2 and Cloud Key gen2 Plus, according to the description below: Unauthenticated API requests allow changing device hostname. Affected Products: UniFi Cloud Key Ge...
Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware v0.6.1 fixed version: Firmware v0.6.4 CVE number: impact: High...