Lucene search
+L

75 matches found

Hacker One
Hacker One
•added 2020/10/14 3:19 p.m.•41 views

Ubiquiti Inc.: Camera adoption DoS - UniFi Protect

A vulnerability was found in UniFi Protect v1.13.7 and earlier that would allow an attacker to use spoofed cameras to perform a denial-of-service attack that could cause the UniFi Protect controller to crash. This vulnerability is fixed in UniFi Protect v1.17.1 and later versions. Affected...

5CVSS3.9AI score0.01273EPSS
Exploits0
Hacker One
Hacker One
•added 2020/03/21 2:54 a.m.•22 views

Ubiquiti Inc.: View Only to Root Privilege Escalation on UniFi Protect

UniFi Protect v1.13.2 and prior containing vulnerabilities allowing users to run certain custom commands that can be used to assign themselves unauthorized roles, escalating their privileges. These vulnerabilities were found on UniFi Protect v1.13.2 and prior versions for Cloud Key Gen2 plus. The...

2.4AI score
Exploits0
Hacker One
Hacker One
•added 2020/02/22 6:9 p.m.•68 views

Ubiquiti Inc.: XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi

AirMax XW.v6.2.0 multiple end-points with parameters vulnerable to reflected cross site scripting XSS, allowing attackers to abuse the user' session information and/or account takeover of the admin user. These vulnerabilities were found on AirMax AirMax AirOS v6.2.0 and prior versions for TI, XW...

6.8CVSS0.6AI score0.00693EPSS
Exploits0
Hacker One
Hacker One
•added 2020/02/21 9:29 p.m.•95 views

Ubiquiti Inc.: Unauthenticated request allows changing hostname

We have recently released new version of UniFi Cloud Key firmware that fixes a vulnerability found on v1.1.6 and prior for Cloud Key gen2 and Cloud Key gen2 Plus, according to the description below: Unauthenticated API requests allow changing device hostname. Affected Products: UniFi Cloud Key Ge...

5CVSS0.7AI score0.01028EPSS
Exploits0
Hacker One
Hacker One
•added 2020/02/17 10:54 a.m.•36 views

Ubiquiti Inc.: SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch

Read only users could execute unauthorized tasks and through SNMP community string pages. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the EdgeMax EdgeSwitch firmware v1.9.1 For mor...

4CVSS1.6AI score0.01735EPSS
Exploits0
Hacker One
Hacker One
•added 2020/02/14 4:28 a.m.•41 views

Ubiquiti Inc.: Readonly to Root Privilege Escalation on EdgeSwitch

An authenticated read-only user can execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the...

9CVSS1.9AI score0.04419EPSS
Exploits0
Hacker One
Hacker One
•added 2020/01/14 8:23 a.m.•53 views

Ubiquiti Inc.: Web Server Predictable Session ID on EdgeSwitch

In EdgeSwitch legacy web interface the SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for the...

10CVSS1AI score0.0341EPSS
Exploits0
Hacker One
Hacker One
•added 2019/07/27 4:12 a.m.•62 views

Ubiquiti Inc.: Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices

There are certain end-points containing functionalities that are vulnerable to reflected cross site scripting XSS, allowing attackers to abuse the user' session information and/or account takeover of the admin user. Authenticated users can be persuaded to visit malicious web pages, which allows...

6.8CVSS0.8AI score0.0102EPSS
Exploits0
Hacker One
Hacker One
•added 2019/04/22 12:58 a.m.•32 views

Ubiquiti Inc.: Privilege Escalation From user to SYSTEM via unauthenticated command execution

The vulnerability, or feature depending how you look at it, is the ability to execute commands using the evostream API interface that is exposed on localhost:7440. Since the evostream service is running as SYSTEM a user can use the launchprocess command,...

9.3CVSS2.5AI score0.01709EPSS
Exploits0
Hacker One
Hacker One
•added 2019/04/08 5:1 a.m.•30 views

Ubiquiti Inc.: UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.

Summary: UniFi Video v3.10.1 for Windows 7/8/10 x64 Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows...

6.9CVSS2AI score0.00502EPSS
Exploits0
Hacker One
Hacker One
•added 2019/04/01 3:52 p.m.•34 views

Ubiquiti Inc.: Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server

A malicious actor setting up an SMTP proxy server between the UniFi Controller and their actual SMTP server can record their SMTP credentials for malicious use...

4.3CVSS1.3AI score0.01295EPSS
Exploits0
Hacker One
Hacker One
•added 2019/03/21 3:27 a.m.•28 views

Ubiquiti Inc.: Login as root without password on EdgeSwitchX

In EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in th...

5.8CVSS4AI score0.00809EPSS
Exploits0
Hacker One
Hacker One
•added 2019/03/12 9:14 a.m.•19 views

Ubiquiti Inc.: EdgeSwitch Command Injection

In EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user...

9CVSS4.4AI score0.0194EPSS
Exploits0
Hacker One
Hacker One
•added 2018/10/29 3:13 p.m.•61 views

Ubiquiti Inc.: CORS Misconfiguration leading to Private Information Disclosure

Due to mistake on te CORS policy configuration, the sites https://client.amplifi.com and https://protect.ubnt.com/ CORS policy allowed HTTP requests to be made from certain sites outside the .ubnt.com and .ui.com domains. This bug could be used to steal users information or force the user to...

1AI score
Exploits0
Hacker One
Hacker One
•added 2018/08/31 12:5 p.m.•60 views

Ubiquiti Inc.: Public Jenkins instance with /script enabled

Hi, First of all. I'm not 100% able to verify that this server is actually owned by Ubnt as there are multiple DNS Name's in the SSL certificate. DNS Name: .uum.com DNS Name: .ubnt.com DNS Name: .svc.ubnt.com DNS Name: .api.uum.com DNS Name: .svc.uum.com DNS Name: uum.com So, the server hosted on...

0.2AI score
Exploits0
Hacker One
Hacker One
•added 2018/07/25 5:23 a.m.•89 views

Ubiquiti Inc.: Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7

AirMax XW.v6.2.0 and prior containing multiple end-points with parameters vulnerable to reflected cross site scripting XSS, allowing attackers to abuse the user' session information and/or account takeover of the admin user. These vulnerabilities were found on AirMax AirMax AirOS v6.2.0 and prior...

4.3CVSS0.4AI score0.0102EPSS
Exploits0
Hacker One
Hacker One
•added 2018/05/11 1:11 a.m.•44 views

Ubiquiti Inc.: Two Factor Authentication Bypass

The researcher found a method to brute-force the 2FA code request in the www.ubnt.com login page. This method still requires the username/password from the account...

2.4AI score
Exploits0
Hacker One
Hacker One
•added 2018/04/03 3:51 p.m.•15 views

Ubiquiti Inc.: Bypass blocked profile protection on aircrm.ubnt.com

The researcher discovered a bypass in the "block profile publication" feature...

1.7AI score
Exploits0
Hacker One
Hacker One
•added 2018/03/30 3:29 p.m.•42 views

Ubiquiti Inc.: 3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)

There are certain end-points containing functionalities that are vulnerable to reflected cross site scripting XSS, allowing attackers to abuse the user' session information and/or account takeover of the admin user. Authenticated users can be persuaded to visit malicious web pages, which allows...

4.3CVSS1.4AI score0.0102EPSS
Exploits0
Hacker One
Hacker One
•added 2018/03/26 6:17 p.m.•31 views

Ubiquiti Inc.: UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise

The UniFi Video Server for Windows web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the...

5.2CVSS1.2AI score0.00748EPSS
Exploits0
Rows per page
Query Builder