Skip to main content

Unifi Video

6 CVEs product

Monthly

CVE-2020-8146 HIGH This Week

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Privilege Escalation Microsoft Unifi Video
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8145 MEDIUM This Month

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Microsoft Information Disclosure Unifi Video
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8144 HIGH This Week

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Microsoft Path Traversal Unifi Video
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2019-5430 HIGH This Week

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Video
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-6914 HIGH POC This Week

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Microsoft Privilege Escalation Unifi Video
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2014-2227 MEDIUM POC This Month

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ubiquiti Unifi Video
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
1.5%
EPSS 1% CVSS 7.8
HIGH This Week

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Privilege Escalation Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 8.4
HIGH This Week

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Microsoft Path Traversal +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Video
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Microsoft Privilege Escalation +1
NVD Exploit-DB
EPSS 2% CVSS 6.0
MEDIUM POC This Month

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ubiquiti Unifi Video
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy