2020-06-08
|
CVE-2020-12695
|
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
|
Rt\-N11, Adsl, Selphy_cp1200, Ubuntu_linux, Wap131, Wap150, Wap351, Debian_linux, B1165nfw, Dvg\-N5412sp, Ep\-101, Ew\-M970a3t, M571t, Xp\-100, Xp\-2101, Xp\-2105, Xp\-241, Xp\-320, Xp\-330, Xp\-340, Xp\-4100, Xp\-4105, Xp\-440, Xp\-620, Xp\-630, Xp\-702, Xp\-8500, Xp\-8600, Xp\-960, Xp\-970, Fedora, 5020_z4a69a, 5030_m2u92b, 5030_z4a70a, 5034_z4a74a, 5660_f8b04a, Deskjet_ink_advantage_3456_a9t84c, Deskjet_ink_advantage_3545_a9t81a, Deskjet_ink_advantage_3545_a9t81c, Deskjet_ink_advantage_3545_a9t83b, Deskjet_ink_advantage_3546_a9t82a, Deskjet_ink_advantage_3548_a9t81b, Deskjet_ink_advantage_4515, Deskjet_ink_advantage_4518, Deskjet_ink_advantage_4535_f0v64a, Deskjet_ink_advantage_4535_f0v64b, Deskjet_ink_advantage_4535_f0v64c, Deskjet_ink_advantage_4536_f0v65a, Deskjet_ink_advantage_4538_f0v66b, Deskjet_ink_advantage_4675_f1h97a, Deskjet_ink_advantage_4675_f1h97b, Deskjet_ink_advantage_4675_f1h97c, Deskjet_ink_advantage_4676_f1h98a, Deskjet_ink_advantage_4678_f1h99b, Deskjet_ink_advantage_5575_g0v48b, Deskjet_ink_advantage_5575_g0v48c, Envy_100_cn517a, Envy_100_cn517b, Envy_100_cn517c, Envy_100_cn518a, Envy_100_cn519a, Envy_100_cn519b, Envy_110_cq809a, Envy_110_cq809b, Envy_110_cq809c, Envy_110_cq809d, Envy_110_cq812c, Envy_111_cq810a, Envy_114_cq811a, Envy_114_cq811b, Envy_114_cq812a, Envy_120_cz022a, Envy_120_cz022b, Envy_120_cz022c, Envy_4500_a9t80a, Envy_4500_a9t80b, Envy_4500_a9t89a, Envy_4500_d3p93a, Envy_4501_c8d05a, Envy_4502_a9t85a, Envy_4502_a9t87b, Envy_4503_e6g71b, Envy_4504_a9t88b, Envy_4504_c8d04a, Envy_4505_a9t86a, Envy_4507_e6g70b, Envy_4508_e6g72b, Envy_4509_d3p94a, Envy_4509_d3p94b, Envy_4511_k9h50a, Envy_4512_k9h49a, Envy_4513_k9h51a, Envy_4516_k9h52a, Envy_4520_e6g67a, Envy_4520_e6g67b, Envy_4520_f0v63a, Envy_4520_f0v63b, Envy_4520_f0v69a, Envy_4521_k9t10b, Envy_4522_f0v67a, Envy_4523_j6u60b, Envy_4524_f0v71b, Envy_4524_f0v72b, Envy_4524_k9t01a, Envy_4525_k9t09b, Envy_4526_k9t05b, Envy_4527_j6u61b, Envy_4528_k9t08b, Envy_5000_m2u85a, Envy_5000_m2u85b, Envy_5000_m2u91a, Envy_5000_m2u94b, Envy_5000_z4a54a, Envy_5000_z4a74a, Envy_5020_m2u91b, Envy_5530, Envy_5531, Envy_5532, Envy_5534, Envy_5535, Envy_5536, Envy_5539, Envy_5540_f2e72a, Envy_5540_g0v47a, Envy_5540_g0v51a, Envy_5540_g0v52a, Envy_5540_g0v53a, Envy_5540_k7c85a, Envy_5541_k7g89a, Envy_5542_k7c88a, Envy_5543_n9u88a, Envy_5544_k7c89a, Envy_5544_k7c93a, Envy_5545_g0v50a, Envy_5546_k7c90a, Envy_5547_j6u64a, Envy_5548_k7g87a, Envy_5640_b9s56a, Envy_5640_b9s58a, Envy_5642_b9s64a, Envy_5643_b9s63a, Envy_5644_b9s65a, Envy_5646_f8b05a, Envy_5664_f8b08a, Envy_5665_f8b06a, Envy_6020_5se16b, Envy_6020_5se17a, Envy_6020_6wd35a, Envy_6020_7cz37a, Envy_6052_5se18a, Envy_6055_5se16a, Envy_6540_b9s59a, Envy_7640, Envy_7644_e4w46a, Envy_7645_e4w44a, Envy_photo_6200_k7g18a, Envy_photo_6200_k7g26b, Envy_photo_6200_k7s21b, Envy_photo_6200_y0k13d_, Envy_photo_6200_y0k15a, Envy_photo_6220_k7g20d, Envy_photo_6220_k7g21b, Envy_photo_6222_y0k13d, Envy_photo_6222_y0k14d, Envy_photo_6230_k7g25b, Envy_photo_6232_k7g26b, Envy_photo_6234_k7s21b, Envy_photo_6252_k7g22a, Envy_photo_7100_3xd89a, Envy_photo_7100_k7g93a, Envy_photo_7100_k7g99a, Envy_photo_7100_z3m37a, Envy_photo_7100_z3m52a, Envy_photo_7120_z3m41d, Envy_photo_7155_z3m52a, Envy_photo_7164_k7g99a, Envy_photo_7800_k7r96a, Envy_photo_7800_k7s00a, Envy_photo_7800_k7s10d, Envy_photo_7800_y0g42d, Envy_photo_7800_y0g52b, Envy_photo_7822_y0g42d, Envy_photo_7822_y0g43d, Envy_photo_7830_y0g50b, Envy_pro_6420_5se45b, Envy_pro_6420_5se46a, Envy_pro_6420_6wd14a, Envy_pro_6420_6wd16a, Envy_pro_6452_5se47a, Envy_pro_6455_5se45a, Officejet_4650_e6g87a, Officejet_4650_f1h96a, Officejet_4650_f1h96b, Officejet_4652_f1j02a, Officejet_4652_f1j05b, Officejet_4652_k9v84b, Officejet_4654_f1j06b, Officejet_4654_f1j07b, Officejet_4655_f1j00a, Officejet_4655_k9v79a, Officejet_4655_k9v82b, Officejet_4656_k9v81b, Officejet_4657_v6d29b, Officejet_4658_v6d30b, Hg255s, Hg532e, Windows_10, Xbox_one, Wr8165n, Wnhde111, Zonedirector_1200, Archer_c50, Unifi_controller, Hostapd, Zxv10_w300, Amg1202\-T10b, Vmg8324\-B10a
|
7.5
|
|
|
2019-07-30
|
CVE-2019-5456
|
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
|
Unifi_controller
|
8.1
|
|
|
2020-02-08
|
CVE-2014-2225
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect...
|
Airvision_controller, Mfi_controller, Unifi_controller
|
N/A
|
|
|
2014-07-29
|
CVE-2014-2226
|
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
Unifi_controller
|
N/A
|
|
|