Shodan
Vulnerabilities
Vulnerable Software
Ui:  Security Vulnerabilities
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-07-30
CVE-2019-5445
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.
CVSS Score
4.9
EPSS Score
0.005
Published
2019-07-10
CVE-2019-5446
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.
CVSS Score
7.2
EPSS Score
0.009
Published
2019-07-10
CVE-2010-5330
Known exploited
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVSS Score
9.8
EPSS Score
0.615
Published
2019-06-11
CVE-2018-5264
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.
CVSS Score
5.9
EPSS Score
0.007
Published
2019-06-07
CVE-2018-5265
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
CVSS Score
7.2
EPSS Score
0.029
Published
2019-06-07
CVE-2019-12727
On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-06-04
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-06
CVE-2019-5424
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.
CVSS Score
8.8
EPSS Score
0.019
Published
2019-04-10
CVE-2019-5425
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved