Ui: >> Unifi Dream Machine Pro Security Vulnerabilities
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
CVSS Score
10.0
EPSS Score
0.002
Published
2023-10-25
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-02-23
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-02-23
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
CVSS Score
8.8
EPSS Score
0.009
Published
2020-07-02