
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jul 2014 — Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Ubiquiti UniFi Controller version 2.4.6 discloses the administrative password... • https://packetstorm.news/files/id/127616 • CWE-255: Credentials Management Errors

CVSS: 8.1 • EPSS: 3% • CPEs: 1 • EXPL: 5

25 Jul 2014 — The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. • https://packetstorm.news/files/id/127617 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 4

24 Jul 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC addres... • https://packetstorm.news/files/id/127612 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Dec 2013 — Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. • http://dl.ubnt.com/unifi/static/cve-2013-3572.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 17% • CPEs: 4 • EXPL: 4

12 Jun 2013 — Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request. Core Security Technologies Advisory - The Ubiquiti airCa... • https://packetstorm.news/files/id/121986 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer