CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ui: >> Unifi Network Application >> 7.4.162 Security Vulnerabilities

CVE-2024-42025

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

CVSS Score

7.8

EPSS Score

0.002

Published

2024-09-13

CVE-2023-41721

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.

CVSS Score

10.0

EPSS Score

0.002

Published

2023-10-25

Page 1

Vulnerabilities

Vulnerable Software

Ui: >> Unifi Network Application >> 7.4.162 Security Vulnerabilities

Products

Pricing

Contact Us