CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5456
https://notcve.org/view.php?id=CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. Un MITM de SMTP se refiere a un actor malicioso que configura un servidor proxy SMTP entre la versión anterior a 5.10.21 (incluida) del controlador UniFi y su servidor SMTP actual, para registrar sus credenciales SMTP para un uso malicioso posterior. • https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124 https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391 https://hackerone.com/reports/519582 • CWE-255: Credentials Management Errors CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2018-5264
https://notcve.org/view.php?id=CVE-2018-5264
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. En los dispositivos Ubiquiti UniFi versión 52, cuando el modo HotSpot es usado, permite a atacantes remotos omitir las restricciones previstas en el uso de Wi-Fi "free time" mediante el envío de una petición /Guest/s/default/ para obtener una cookie y, entonces usar esta cookie en una petición /Guest/s/default/login con el parámetro byfree. • https://www.red4sec.com/cve/unifi.txt • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5430
https://notcve.org/view.php?id=CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page. En UniFi Video versión 3.10.0 y las anteriores, debido a la falta de protección CSRF, es posible abusar de la API Web para realizar cambios en la configuración del servidor sin el consentimiento del usuario, requiere que el atacante atraiga a un usuario autenticado para que este acceda a una página controlada por el atacante. • https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/ba-p/2658279 https://hackerone.com/reports/329749 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6914 – Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6914
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Ubiquiti UniFi Video, en versiones anteriores a la 3.8.0 para Windows, emplea permisos débiles para el directorio de instalación, lo que permite que usuarios locales obtengan privilegios SYSTEM mediante un archivo troyano taskkill.exe. Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions. • https://www.exploit-db.com/exploits/43390 http://packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2017/Dec/83 http://www.securityfocus.com/bid/102278 https://hackerone.com/reports/140793 • CWE-276: Incorrect Default Permissions •
CVSS: 6.0EPSS: 4%CPEs: 1EXPL: 4CVE-2014-2227 – Ubiquiti Networks UniFi Video Default - 'crossdomain.xml' Security Bypass
https://notcve.org/view.php?id=CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. La política de cruce de dominio Flash por defecto (crossdomain.xml) en Ubiquiti Networks UniFi Video (anteriormente AirVision también conocido como AirVision Controller) anterior a 3.0.1 no restringe el acceso a la aplicación, lo que permite a atacantes remotos evadir Same Origin Policy a través de un fichero SWF manipulado. Ubiquiti AirVision Controller version 2.1.3 suffers from an overly permissive default crossdomain.xml file. • https://www.exploit-db.com/exploits/39268 http://seclists.org/fulldisclosure/2014/Jul/128 http://sethsec.blogspot.com/2014/07/cve-2014-2227.html http://www.securityfocus.com/bid/68866 • CWE-264: Permissions, Privileges, and Access Controls •