Unrated severityNVD Advisory· Published Jul 25, 2014· Updated May 6, 2026

CVE-2014-2227

Description

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Affected products

Ui/Unifi Video
cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*
Range: <=2.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2014/Jul/128nvdExploit
sethsec.blogspot.com/2014/07/cve-2014-2227.htmlnvdExploit
www.securityfocus.com/bid/68866nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000