Ubiquiti Inc

All CVEs

120 total · sorted by risk
  • CVE-2025-27213 · Med · Aug 21, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and…

  • CVE-2019-5445 · Med · Jul 10, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands.

  • CVE-2024-34786 · Med · Jul 9, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is…

  • CVE-2023-32000 · Med · Jul 8, 2023
    risk 0.31 · cvss 4.8 · epss 0.00

    A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.

  • CVE-2019-5426 · Med · Apr 10, 2019
    risk 0.31 · cvss 4.8 · epss 0.01

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic…

  • CVE-2017-0913 · Med · Jul 3, 2018
    risk 0.31 · cvss 4.7 · epss 0.00

    Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access…

  • CVE-2025-23164 · Med · May 19, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A misconfigured access token mechanism in the UniFi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled.

  • CVE-2025-48979 · Low · Aug 29, 2025
    risk 0.22 · cvss 3.4 · epss 0.00

    An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.

  • CVE-2024-29208 · Low · May 7, 2024
    risk 0.14 · cvss 2.2 · epss 0.00

    An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version…

  • CVE-2024-29206 · Low · May 7, 2024
    risk 0.14 · cvss 2.2 · epss 0.00

    An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro…

  • CVE-2013-1606 · Jul 18, 2013
    risk 0.05 · cvss · epss 0.23

    Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.

  • CVE-2014-2227 · Jul 25, 2014
    risk 0.03 · cvss · epss 0.02

    The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

  • CVE-2025-52665 · Oct 30, 2025
    risk 0.02 · cvss · epss 0.41

    A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version…

  • CVE-2019-25652 · Mar 27, 2026
    risk 0.00 · cvss · epss 0.00

    UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections.…

  • CVE-2026-21639 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.00

    A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version…

  • CVE-2026-21638 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.00

    A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector …

  • CVE-2026-21635 · Jan 5, 2026
    risk 0.00 · cvss · epss 0.00

    An Improper Access Control could allow a malicious actor in Wi-Fi range of the EV Station Lite (v1.5.2 and earlier) to use the WiFi AutoLink feature on a device that was only adopted via Ethernet.

  • CVE-2026-21634 · Jan 5, 2026
    risk 0.00 · cvss · epss 0.00

    A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update…

  • CVE-2026-21633 · Jan 5, 2026
    risk 0.00 · cvss · epss 0.00

    A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect…

  • CVE-2014-2226 · Jul 29, 2014
    risk 0.00 · cvss · epss 0.01

    Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Page 3 of 3