CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6914 – Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6914
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Ubiquiti UniFi Video, en versiones anteriores a la 3.8.0 para Windows, emplea permisos débiles para el directorio de instalación, lo que permite que usuarios locales obtengan privilegios SYSTEM mediante un archivo troyano taskkill.exe. Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions. • https://www.exploit-db.com/exploits/43390 http://packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2017/Dec/83 http://www.securityfocus.com/bid/102278 https://hackerone.com/reports/140793 • CWE-276: Incorrect Default Permissions •
CVSS: 6.0EPSS: 4%CPEs: 1EXPL: 4CVE-2014-2227 – Ubiquiti Networks UniFi Video Default - 'crossdomain.xml' Security Bypass
https://notcve.org/view.php?id=CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. La política de cruce de dominio Flash por defecto (crossdomain.xml) en Ubiquiti Networks UniFi Video (anteriormente AirVision también conocido como AirVision Controller) anterior a 3.0.1 no restringe el acceso a la aplicación, lo que permite a atacantes remotos evadir Same Origin Policy a través de un fichero SWF manipulado. Ubiquiti AirVision Controller version 2.1.3 suffers from an overly permissive default crossdomain.xml file. • https://www.exploit-db.com/exploits/39268 http://seclists.org/fulldisclosure/2014/Jul/128 http://sethsec.blogspot.com/2014/07/cve-2014-2227.html http://www.securityfocus.com/bid/68866 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2226 – Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure
https://notcve.org/view.php?id=CVE-2014-2226
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Ubiquiti UniFi Controller en versiones anteriores a 3.2.1 registra el hash de la contraseña administrativa en mensajes syslog, lo que permite a atacantes man-in-the-middle obtener información sensible a través de vectores no especificados. Ubiquiti UniFi Controller version 2.4.6 discloses the administrative password hash via syslog messages. • http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html http://seclists.org/fulldisclosure/2014/Jul/127 http://sethsec.blogspot.com/2014/07/cve-2014-2226.html http://www.securityfocus.com/bid/68869 • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 3CVE-2014-2225 – Ubiquiti UbiFi / mFi / AirVision - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. Múltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en Ubiquiti Networks UniFi Controller versiones anteriores a 3.2.1, permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones que (1) crean un nuevo usuario administrador mediante una petición a api/add/admin; (2) tienen un impacto no especificado por medio de una petición a api/add/wlanconf; cambiar la (3) contraseña, (4) método de autenticación o (5) subredes restringidas del invitado mediante una petición a api/set/setting/guest_access; (6) bloquear, (7) desbloquear u (8) volver a conectar a usuarios por la dirección MAC mediante una petición a api/cmd/stamgr; cambie el (9) servidor o (10) el puerto del syslog por medio de una petición a api/set/setting/rsyslogd; (11) tener un impacto no especificado por medio de una petición a api/set/setting/smtp; cambie el (12) servidor, (13) puerto o (14) configuraciones de autenticación de syslog mediante una petición a api/cmd/cfgmgr; o (15) cambie el nombre del controlador Unifi por medio de una petición a api/set/setting/identity. Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/34187 http://seclists.org/fulldisclosure/2014/Jul/126 http://sethsec.blogspot.com/2014/07/cve-2014-2225.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3572
https://notcve.org/view.php?id=CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. Cross-site scripting (XSS) en la interfaz de administracion en el controlador UniFi de Ubiquiti Networks UniFi 2.3.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de host del cliente manipulado. • http://dl.ubnt.com/unifi/static/cve-2013-3572.html http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products http://www.securityfocus.com/bid/64601 https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •