CVE-2023-35085
https://notcve.org/view.php?id=CVE-2023-35085
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. • https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-38034
https://notcve.org/view.php?id=CVE-2023-38034
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. • https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-44527
https://notcve.org/view.php?id=CVE-2021-44527
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. Una vulnerabilidad encontrada en el firmware de UniFi Switch versión 5.43.35 y anteriores, permite a un actor malicioso que ya ha obtenido acceso a la red llevar a cabo un ataque de denegación de servicio (DoS) en el switch afectado. Esta vulnerabilidad se ha corregido en el firmware de UniFi Switch versiones 5.76.6 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb • CWE-400: Uncontrolled Resource Consumption •