99 matches found
Ubiquiti UniFi OS Server Security Vulnerability
Ubiquiti UniFi OS Server is a server platform developed by Ubiquiti for managing UniFi networks and security devices. Ubiquiti UniFi OS Server has a security vulnerability that stems from improper access control. This vulnerability could allow malicious individuals...
Ubiquiti EV Station Lite Security Vulnerability
Ubiquiti EV Station Lite is a series of smart electric vehicle charging stations from Ubiquiti USA. A security vulnerability exists in Ubiquiti EV Station Lite v1.5.2 and prior versions, which stems from improper access control and could allow a malicious actor to exploit the WiFi AutoLink featur...
Ubiquiti UniFi Connect EV Station Security Vulnerability
Ubiquiti UniFi Connect EV Station is an electric vehicle station from Ubiquiti USA. A security vulnerability exists in the Ubiquiti UniFi Connect EV Station version 1.5.18 and earlier, which stems from a lack of authentication for critical functions and could result in an unauthorized restoration...
PT-2025-34175
Name of the Vulnerable Software and Affected Versions: UISP Application (affected versions not specified). Description: Multiple incorrect permission assignments for a critical resource in the UISP Application may allow a malicious actor with certain permissions to escalate privileges...
PT-2025-31871 · Edgemax · Edgeswitch
Name of the Vulnerable Software and Affected Versions: EdgeMAX EdgeSwitch versions 1.10.4 and earlier. Description: An improper input validation in EdgeMAX EdgeSwitch can allow a malicious actor with access to the EdgeSwitch adjacent network to execute commands through command injection...
CVE-2024-54750
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before...
Ubiquiti UniFi Protect Cameras Improper Certificate Validation Vulnerability
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from an improper certificate validation vulnerability that...
Ubiquiti UniFi Protect Application Authentication Bypass Vulnerability
The Ubiquiti UniFi Protect Application is an enterprise-grade security monitoring platform that supports both home and business users. Ubiquiti UniFi Protect Application has an authentication bypass vulnerability that can be exploited by an attacker to take control of a UniFi Protect camera...
Ubiquiti UniFi Protect Cameras Use-After-Free Vulnerability
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a use-after-free vulnerability that can be...
PT-2025-6977 · Ubiquiti · Unifi Protect Cameras
Name of the Vulnerable Software and Affected Versions: UniFi Protect Cameras (affected versions not specified). Description: An Improper Neutralization of Escape Sequences issue could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect...
What Are Normal Users Supposed to Do with IDS Alerts from Network Gear?
Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product. When you enable this feature, you get alerts like this one, posted by a Redditor: This is...
CVE-2024-44540
Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port...
CVE-2024-44540
CVE-2024-44540 affects Ubiquiti AirMax firmware version 8. An attacker with physical access can gain a privileged command shell via the UART Debugging Port, a high-severity risk. Root cause? The UART Debug Port exposure on affected devices. Exploitation details are described in connected P...
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pa...
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a...
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in...
The vulnerability in the firmware of the Ubiquiti airFiber AF2X radio station lies in the improper validation of the integrity check value. This allows an attacker to execute a “man-in-the-middle” attack.
The vulnerability in the firmware of the Ubiquiti airFiber AF2X radio station lies in the improper validation of the integrity check value. Exploiting this vulnerability could allow a malicious actor, operating remotely, to carry out a “man-in-the-middle” attack...
Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case
A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for...
CVE-2023-2379
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2023-2379 Ubiquiti EdgeRouter X Web Service denial of service
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...