Unifi Controller Security Vulnerabilities and Issues — Unifi Controller CVE List

Lucene search

UiUnifi Controller

5 matches found

CVE•added 2020/06/08 5:15 p.m.•539 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

7.8CVSS7.6AI score0.03322EPSS

CVE•added 2020/02/08 4:15 p.m.•111 views

CVE-2014-2225

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request...

8.8CVSS9.2AI score0.00181EPSS

CVE•added 2013/12/31 8:55 p.m.•47 views

CVE-2013-3572

Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.

6.1CVSS5.8AI score0.00504EPSS

CVE•added 2019/07/30 9:15 p.m.•47 views

CVE-2019-5456

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version

8.1CVSS8AI score0.00361EPSS

CVE•added 2014/07/29 2:55 p.m.•36 views

CVE-2014-2226

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

2.6CVSS6.3AI score0.00294EPSS