11 matches found
EUVD-2023-36286
Malicious code in bioql PyPI...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
Code injection
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both 1 running UniFi OS 3.1 and 2 hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
CVE-2023-31997
CVE-2023-31997 concerns UniFi OS 3.1 where a misconfiguration in consoles running UniFi Network enables local-network users to access MongoDB on applicable Cloud Keys (Gen2 and Gen2 Plus) hosting UniFi Network. Impact described as local access to MongoDB; CVSS 3.1 base score 9.0 (Critical) with h...
CVE-2020-8188
CVE-2020-8188 relates to UniFi Protect firmware. Multiple sources confirm a privilege-escalation issue where “view only” users could run certain custom commands to assign themselves unauthorized roles, leading to elevated privileges. The vulnerability affects Protect firmware v1.13.2 and v1.14.9 ...
CVE-2020-8148
UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...
CVE-2020-8148
UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...
Ubiquiti Inc.: View Only to Root Privilege Escalation on UniFi Protect
UniFi Protect v1.13.2 and prior containing vulnerabilities allowing users to run certain custom commands that can be used to assign themselves unauthorized roles, escalating their privileges. These vulnerabilities were found on UniFi Protect v1.13.2 and prior versions for Cloud Key Gen2 plus. The...