CVE-2020-27888
https://notcve.org/view.php?id=CVE-2020-27888
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. Se detectó un problema en los dispositivos Ubiquiti UniFi Meshing Access Point UAP-AC-M versión 4.3.21.11325 y UniFi Controller versión 6.0.28. Las credenciales almacenadas en caché no son borradas de un punto de acceso que retorna de forma inalámbrica desde un estado desconectado. • https://community.ui.com/questions/Possible-authentication-bypass-for-access-into-LAN/7965adb2-5d70-4410-8467-4c7bec76bc00 • CWE-459: Incomplete Cleanup CWE-522: Insufficiently Protected Credentials •
CVE-2020-8188
https://notcve.org/view.php?id=CVE-2020-8188
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. Recientemente hemos publicado una nueva versión del firmware UniFi Protect versión v1.13.3 y v1.14.10 para Unifi Cloud Key Gen2 Plus y UniFi Dream Machine Pro/UNVR respectivamente, que corrige las vulnerabilidades encontradas en el firmware Protect versiones v1.13.2, v1.14.9 y anteriores, de acuerdo con la siguiente descripción: Visualiza solo usuarios que pueden ejecutar determinados comandos personalizados que les permiten asignarse a si mismos roles no autorizados y escalar sus privilegios • https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4 https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-8157
https://notcve.org/view.php?id=CVE-2020-8157
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). UniFi Cloud Key versiones de firmware anteriores a v1.1.10 incluyéndola, para Cloud Key gen2 y Cloud Key gen2 Plus contiene una vulnerabilidad que permite acceso root no restringido por medio de la interfaz serial (UART). • https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413 https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d • CWE-284: Improper Access Control •
CVE-2018-5264
https://notcve.org/view.php?id=CVE-2018-5264
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. En los dispositivos Ubiquiti UniFi versión 52, cuando el modo HotSpot es usado, permite a atacantes remotos omitir las restricciones previstas en el uso de Wi-Fi "free time" mediante el envío de una petición /Guest/s/default/ para obtener una cookie y, entonces usar esta cookie en una petición /Guest/s/default/login con el parámetro byfree. • https://www.red4sec.com/cve/unifi.txt • CWE-284: Improper Access Control •