VYPR
High severity8.8NVD Advisory· Published May 6, 2019· Updated Jun 17, 2026

CVE-2019-5430

CVE-2019-5430

Description

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

Affected products

2
  • UniFi/UniFi Videodescription
  • UI/Unifi Videollm-fuzzy
    Range: <=3.10.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.