RSS   Vulnerabilities for 'Unifi controller'   RSS

2020-02-08
 
CVE-2014-2225

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.

 
2019-07-30
 
CVE-2019-5456

CWE-255
 

 
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.

 
2014-07-29
 
CVE-2014-2226

CWE-255
 

 
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

 

 >>> Vendor: UI 18 Products
Edgeswitch x
Unifi video
Aircam firmware
Edgeos
Aircam
Aircam dome
Aircam mini
Airvision firmware
Unifi
Unifi controller
Unifi firmware
UCRM
Edgeswitch
Airvision controller
Mfi controller
Cloud key gen2
Cloud key gen2 plus
Unifi protect


Copyright 2021, cxsecurity.com

 

Back to Top