Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ui Subscribe
Filtered by product Unifi Protect
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22957 1 Ui 1 Unifi Protect 2022-08-30 6.8 MEDIUM 8.8 HIGH
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
CVE-2021-22944 1 Ui 1 Unifi Protect 2022-07-12 7.7 HIGH 8.0 HIGH
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.
CVE-2021-22943 1 Ui 1 Unifi Protect 2021-09-08 8.3 HIGH 9.6 CRITICAL
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.
CVE-2020-8213 1 Ui 1 Unifi Protect 2020-08-05 5.0 MEDIUM 5.3 MEDIUM
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
CVE-2020-8188 1 Ui 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Protect and 1 more 2020-07-09 6.5 MEDIUM 8.8 HIGH
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.