RSS   Podatności dla 'Airvision controller'   RSS

2020-02-08
 
CVE-2014-2225

CWE-352
 
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.

 

 >>> Vendor: UI 20 Produkty
Edgeswitch x
Unifi video
Aircam firmware
Edgeos
Aircam
Aircam dome
Aircam mini
Airvision firmware
Unifi
Unifi controller
Unifi firmware
UCRM
Edgeswitch
Airvision controller
Mfi controller
Cloud key gen2
Cloud key gen2 plus
Unifi protect
Unifi talk
Unifi switch firmware

Copyright 2024, cxsecurity.com

 

Back to Top