Unifi Video Security Vulnerabilities and Issues — Unifi Video CVE List

Lucene search

UiUnifi Video

8 matches found

CVE•added 2021/05/17 10:15 p.m.•67 views

CVE-2020-24755

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).

7.8CVSS7.7AI score0.00064EPSS

CVE•added 2024/12/04 2:15 a.m.•65 views

CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products:UniFi iOS App (Version 10.17.7 and ea...

7.1CVSS7.1AI score0.00024EPSS

CVE•added 2017/12/27 5:29 p.m.•58 views

CVE-2016-6914

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

7.8CVSS7.5AI score0.00135EPSS

CVE•added 2020/04/01 11:15 p.m.•52 views

CVE-2020-8146

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the wi...

7.8CVSS7.6AI score0.00051EPSS

CVE•added 2014/07/25 7:55 p.m.•41 views

CVE-2014-2227

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

6CVSS6.8AI score0.01625EPSS

CVE•added 2019/05/06 5:29 p.m.•40 views

CVE-2019-5430

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

8.8CVSS8.6AI score0.00187EPSS

CVE•added 2020/04/01 11:15 p.m.•37 views

CVE-2020-8145

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current ...

6.5CVSS6.8AI score0.00231EPSS

CVE•added 2020/04/01 11:15 p.m.•36 views

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware ...

8.4CVSS8.3AI score0.00262EPSS