Unifi Network Application Security Vulnerabilities and Issues — Unifi Network Application CVE List

Lucene search

UiUnifi Network Application

5 matches found

CVE•added 2022/01/14 8:15 p.m.•130 views

CVE-2021-44530

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.

9.8CVSS9.4AI score0.94358EPSS

CVE•added 2023/10/25 6:17 p.m.•66 views

CVE-2023-41721

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to...

10CVSS9.1AI score0.00239EPSS

CVE•added 2023/07/01 12:15 a.m.•50 views

CVE-2023-28365

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

9.1CVSS9.2AI score0.00182EPSS

CVE•added 2024/09/13 4:15 p.m.•48 views

CVE-2024-42025

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

7.8CVSS8AI score0.00323EPSS

CVE•added 2023/07/08 12:15 a.m.•42 views

CVE-2023-32000

A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.

4.8CVSS5AI score0.00282EPSS