CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22943
https://notcve.org/view.php?id=CVE-2021-22943
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. Una vulnerabilidad encontrada en la aplicación UniFi Protect versiones V1.18.1 y anteriores, permite a un actor malicioso que ya ha conseguido acceso a una red controlar posteriormente la(s) cámara(s) Protect asignada(s) a dicha red. Esta vulnerabilidad es corregida en la aplicación UniFi Protect versiones V1.19.0 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f • CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22944
https://notcve.org/view.php?id=CVE-2021-22944
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. Una vulnerabilidad encontrada en la aplicación UniFi Protect versiones V1.18.1 y anteriores, permite a un actor malicioso con un rol de sólo vista y acceso a la red alcanzar los mismos privilegios que el propietario de la aplicación UniFi Protect. Esta vulnerabilidad es corregida en la aplicación UniFi Protect versiones V1.19.0 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33818
https://notcve.org/view.php?id=CVE-2021-33818
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. Se ha detectado un problema en UniFi Protect G3 FLEX Camera versión UVC.v4.30.0.67. Unos atacantes pueden usar la herramienta slowhttptest para enviar peticiones HTTP incompletas, lo que podría hacer que el servidor siga esperando a que el paquete termine la conexión, hasta que sean agotados sus recursos. • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md https://github.com/shekyan/slowhttptest https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33820
https://notcve.org/view.php?id=CVE-2021-33820
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. Se ha detectado un problema en UniFi Protect G3 FLEX Camera versión UVC.v4.30.0.67. El atacante puede enviar una gran cantidad de paquetes TCP SYN para hacer que los recursos del servicio web sean agotados. Entonces, el servidor web sufre una denegación de servicio • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33820.md https://linuxhint.com/hping3 https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22909 – Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22909
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later. Una vulnerabilidad encontrada en EdgeMAX EdgeRouter versión V2.0.9 y anteriores, podría permitir a un actor malicioso ejecutar un ataque de tipo man-in-the-middle (MitM) durante una actualización de firmware. Esta vulnerabilidad se corrigió en EdgeMAX EdgeRouter versiones V2.0.9-hotfix.1 y posteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device. The specific flaw exists within the downloading of firmware files via HTTPS. • https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •