Skip to main content

Unifi Controller

4 CVEs product

Monthly

CVE-2020-12695 HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd Rt N11 Adsl +213
NVD GitHub
CVSS 3.1
7.5
EPSS
15.2%
CVE-2019-5456 HIGH This Week

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ubiquiti Information Disclosure Unifi Controller
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2014-2226 LOW Monitor

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Controller
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-3572 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti XSS Unifi Controller
NVD
CVSS 3.1
6.1
EPSS
0.5%
EPSS 15% CVSS 7.5
HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd +215
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ubiquiti Information Disclosure Unifi Controller
NVD
EPSS 0% CVSS 2.6
LOW Monitor

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Controller
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti XSS Unifi Controller
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy