PT-2026-28262
Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...
EUVD-2014-2265
Malware in sbrugna...
EUVD-2019-15040
Malware in sbrugna...
EUVD-2013-3506
Malware in sbrugna...
Design/Logic Flaw
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access...
CVE-2020-27888
The CVE-2020-27888 entry concerns Ubiquiti UniFi Meshing AP UAP-AC-M (firmware 4.3.21.11325) and UniFi Controller 6.0.28. The issue is that cached credentials are not erased from an AP returning wirelessly from a disconnected state, which may allow unintended network access. Public references in ...
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...
CVE-2014-2225
CVE-2014-2225 is a CSRF vulnerability in Ubiquiti Networks UniFi Controller prior to 3.2.1. The flaw enables remote attackers to hijack administrator sessions by issuing forged requests to multiple API endpoints (e.g., api/add/admin, api/set/setting/guest_access, api/cmd/stamgr, api/cmd/cfgmgr, e...
Ubiquiti Networks UniFi Controller Trust Management Issue Vulnerability
Ubiquiti Networks UniFi Controller is a suite of software from Ubiquiti Networks, Inc. for managing multiple wireless access point devices in a single platform. A trust management issue vulnerability exists in Ubiquiti Networks UniFi Controller version 5.10.21 and prior versions, which can be...
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
Design/Logic Flaw
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
CVE-2019-5456
CVE-2019-5456 concerns the UniFi Controller prior to version 5.10.22. An attacker can set up an SMTP proxy between the UniFi Controller (versions ≤ 5.10.21) and the real SMTP server to capture SMTP credentials, enabling a MITM-like credential theft via misrouted mail traffic. The connected docume...
PT-2019-17685 · Ubiquiti · Unifi Controller
Name of the Vulnerable Software and Affected Versions: UniFi Controller versions prior to 5.10.22 Description: A malicious actor can set up an SMTP proxy server between the UniFi Controller and the actual SMTP server to record SMTP credentials for later malicious use. Recommendations: For version...
Ubiquiti Inc.: Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server
A malicious actor setting up an SMTP proxy server between the UniFi Controller and their actual SMTP server can record their SMTP credentials for malicious use...
Multi Gather Ubiquiti UniFi Controller Backup
On a Ubiquiti UniFi controller, reads the system.properties configuration file and downloads the backup and autobackup files. The files are then decrypted using a known encryption key, and a repair is then attempted with zip. Meterpreter must be used due to the large file sizes, which can be flaky ...
CVE-2014-2226
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors...