Ui Unifi Controller vulnerabilities
4 known vulnerabilities affecting ui/unifi_controller.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2014-2225 | P3 | HIGH | CVSS 8.8 | PoC | fixed in 3.2.1 | 2020-02-08
CWE-352
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4)
nvd
CVE-2019-5456 | P3 | HIGH | CVSS 8.1 | ≤ 5.10.21 | 2019-07-30
CWE-300
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
nvd
CVE-2013-3572 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.3.6 | 2013-12-31
CWE-79
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
nvd
CVE-2014-2226 | P4 | LOW | CVSS 2.6 | ≤ 2.4.6 | 2014-07-29
CWE-255
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
nvd