2 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. • https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). UniFi Cloud Key versiones de firmware anteriores a v1.1.10 incluyéndola, para Cloud Key gen2 y Cloud Key gen2 Plus contiene una vulnerabilidad que permite acceso root no restringido por medio de la interfaz serial (UART). • https://community.ui.com/releases/Security-advisory-bulletin-008-008/5f66ca4c-10d6-4ca5-9620-37d5a4f22413 https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-11/a24e55e1-6d90-46d7-92e2-01539ec8c79d • CWE-284: Improper Access Control •