CVE-2023-28365
https://notcve.org/view.php?id=CVE-2023-28365
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. • https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-31997
https://notcve.org/view.php?id=CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. • https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4 •
CVE-2023-34840
https://notcve.org/view.php?id=CVE-2023-34840
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. • https://github.com/Xh4H/CVE-2023-34840 http://alexcrack.com https://github.com/alexcrack/angular-ui-notification • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2379 – Ubiquiti EdgeRouter X Web Service denial of service
https://notcve.org/view.php?id=CVE-2023-2379
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS https://vuldb.com/?ctiid.227655 https://vuldb.com/?id.227655 • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-2378 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2378
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4 https://vuldb.com/?ctiid.227654 https://vuldb.com/?id.227654 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •