Unifi Video Controller Security Vulnerabilities - 2020

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware ...

CVSS: 8.4
AI Score: 8.3
EPSS: 0.0004

2020-04-01 11:15 PM

CVE-2020-8145

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current ...

CVSS: 6.5
AI Score: 6.8
EPSS: 0.001

2020-04-01 11:15 PM

CVE-2020-8146

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the wi...

CVSS: 7.8
AI Score: 7.6
EPSS: 0.001

2020-04-01 11:15 PM