Ubiquiti Inc

All CVEs

120 total · sorted by risk
  • CVE-2024-42025 · High · Sep 13, 2024
    risk 0.51 · cvss 7.8 · epss 0.01

    A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

  • CVE-2023-28122 · High · Apr 19, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3…

  • CVE-2022-35257 · High · Sep 23, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.

  • CVE-2020-24755 · High · May 17, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).

  • CVE-2020-8146 · High · Apr 1, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the…

  • CVE-2020-8126 · High · Feb 7, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A privilege escalation in EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).

  • CVE-2026-34911 · High · May 22, 2026
    risk 0.50 · cvss 7.7 · epss 0.01

    A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

  • CVE-2026-22558 · High · Mar 19, 2026
    risk 0.50 · cvss 7.7 · epss 0.01

    An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

  • CVE-2017-0938 · High · Feb 12, 2019
    risk 0.50 · cvss 7.5 · epss 0.21

    Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allows attackers to use the Discovery Protocol in amplification attacks.

  • CVE-2025-48978 · High · Aug 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: …

  • CVE-2025-27211 · High · Aug 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.

  • CVE-2025-23119 · High · Mar 1, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network.

  • CVE-2024-54749 · High · Dec 6, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however,…

  • CVE-2024-29207 · High · May 7, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi…

  • CVE-2024-22054 · High · Feb 20, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode…

  • CVE-2023-31998 · High · Jul 18, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.

  • CVE-2023-2379 · High · Apr 28, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2021-33820 · High · Jun 18, 2021
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources, resulting in a denial of service of the web server.

  • CVE-2021-33818 · High · Jun 18, 2021
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the packet to finish the connection until its resources are exhausted. Then the web server is…

  • CVE-2021-22909 · High · May 27, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.

  • CVE-2021-22882 · High · Feb 23, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.

  • CVE-2020-27888 · High · Oct 27, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.

  • CVE-2019-16889 · High · Sep 25, 2019
    risk 0.49 · cvss 7.5 · epss 0.05

    Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a…

  • CVE-2019-12727 · High · Jun 4, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft…

  • CVE-2025-52663 · High · Oct 31, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. …

  • CVE-2023-1458 · High · Mar 25, 2023
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be…

  • CVE-2023-1457 · High · Mar 25, 2023
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is…

  • CVE-2023-1456 · High · Mar 25, 2023
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely.…

  • CVE-2018-5265 · High · Jun 7, 2019
    risk 0.47 · cvss 7.2 · epss 0.03

    Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell…

  • CVE-2018-12590 · High · Jun 20, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker…

  • CVE-2025-23117 · Medium · Mar 1, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

  • CVE-2020-8157 · Medium · May 2, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).

  • CVE-2024-44540 · Medium · Sep 23, 2024
    risk 0.43 · cvss 6.6 · epss 0.00

    Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.

  • CVE-2025-23118 · Medium · Mar 1, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

  • CVE-2023-2378 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The…

  • CVE-2023-2377 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The…

  • CVE-2023-2376 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the…

  • CVE-2023-2375 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.07

    A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated…

  • CVE-2023-2374 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.05

    A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be…

  • CVE-2023-2373 · Medium · Apr 28, 2023
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the…

  • CVE-2020-8170 · Medium · May 26, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected…

  • CVE-2025-23091 · Medium · Feb 1, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

  • CVE-2023-23119 · Medium · Feb 2, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to…

  • CVE-2018-5264 · Medium · Jun 7, 2019
    risk 0.38 · cvss 5.9 · epss 0.01

    Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree…

  • CVE-2020-8267 · Medium · Nov 5, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was…

  • CVE-2020-8213 · Medium · Jul 30, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.

  • CVE-2020-8148 · Medium · Apr 13, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.

  • CVE-2017-0912 · Medium · Jul 3, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit"…

  • CVE-2023-41721 · Medium · Oct 25, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with…

  • CVE-2022-44565 · Medium · Dec 23, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.