3 matches found
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
UniFi Video <= 3.9.3 Multiple Vulnerabilities
UniFi Video on Windows is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
CVE-2020-8144
The CVE-2020-8144 issue affects UniFi Video Server v3.9.3 and earlier on Windows (x64) where the firmware update mechanism does not validate the download destination, allowing a crafted ..\ sequence to cause the firmware file to be saved outside the intended directory. This path traversal could e...