CVE-2023-31997
https://notcve.org/view.php?id=CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Affected are applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. • https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4
CVE-2023-24104
https://notcve.org/view.php?id=CVE-2023-24104
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. • https://attack.mitre.org/techniques/T1090/004 • https://github.com/f1veT/BUG/issues/1
CVE-2021-44530
https://notcve.org/view.php?id=CVE-2021-44530
An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. • https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-44527
https://notcve.org/view.php?id=CVE-2021-44527
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb • CWE-400: Uncontrolled Resource Consumption
CVE-2021-22957
https://notcve.org/view.php?id=CVE-2021-22957
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user's account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-021-021/62bd8841-6603-4fee-9dba-73037148f173 • CWE-16: Configuration