
CVE-2021-44530
https://notcve.org/view.php?id=CVE-2021-44530
14 Jan 2022 — An injection vulnerability in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. • https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2021-44527
https://notcve.org/view.php?id=CVE-2021-44527
07 Dec 2021 — A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb • CWE-400: Uncontrolled Resource Consumption

CVE-2021-22957
https://notcve.org/view.php?id=CVE-2021-22957
24 Nov 2021 — A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-021-021/62bd8841-6603-4fee-9dba-73037148f173 • CWE-16: Configuration

CVE-2021-22952
https://notcve.org/view.php?id=CVE-2021-22952
23 Sep 2021 — A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-020-020/8ce6a7e6-0cce-4814-8bbe-ee812cb94b1a • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2021-22943
https://notcve.org/view.php?id=CVE-2021-22943
31 Aug 2021 — A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f • CWE-287: Improper Authentication

CVE-2021-22944
https://notcve.org/view.php?id=CVE-2021-22944
31 Aug 2021 — A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f

CVE-2021-33818
https://notcve.org/view.php?id=CVE-2021-33818
18 Jun 2021 — An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the remaining packets to finish the connection until its resources are exhausted. The web server then suffers a denial of service. • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md • CWE-400: Uncontrolled Resource Consumption

CVE-2021-33820
https://notcve.org/view.php?id=CVE-2021-33820
18 Jun 2021 — An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources. The web server then suffers a denial of service. • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33820.md

CVE-2021-22909 – Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22909
20 May 2021 — A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4 • CWE-295: Improper Certificate Validation • CWE-300: Channel Accessible by Non-Endpoint

CVE-2020-24755
https://notcve.org/view.php?id=CVE-2020-24755
17 May 2021 — In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested on Windows 7 x64 and Windows 10 x64. • https://www.youtube.com/watch?v=T41h4yeh9dk • CWE-427: Uncontrolled Search Path Element