Product

ui er x

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21634
< 6.2.72
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) di
6.5 MEDIUM
CVE-2026-21633
< 6.2.72
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a d
8.8 HIGH
CVE-2023-2379
< 2.0.9
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part
7.5 HIGH
CVE-2023-2378
< 2.0.9
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is
6.3 MEDIUM
CVE-2023-2377
< 2.0.9
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulner
6.3 MEDIUM
CVE-2023-2376
< 2.0.9
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknow
6.3 MEDIUM
CVE-2023-2375
< 2.0.9
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknow
6.3 MEDIUM
CVE-2023-2374
< 2.0.9
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affect
6.3 MEDIUM
CVE-2023-23912
< 2.0.9
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earl
8.8 HIGH
CVE-2021-22957
< 1.20.0
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malici
8.8 HIGH
CVE-2021-22944
< 1.19.0
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network
8.0 HIGH
CVE-2021-22943
< 1.19.0
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to
9.6 CRITICAL
CVE-2020-24755
all versions
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allow
7.8 HIGH
CVE-2020-8213
<= 1.13.3
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access
5.3 MEDIUM
CVE-2020-12695
all versions
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request wit
7.5 HIGH
CVE-2020-8171
<= 6.2.0
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on
9.8 CRITICAL
CVE-2020-8170
<= 6.2.0
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on
6.1 MEDIUM
CVE-2020-8168
<= 6.2.0
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on
8.8 HIGH
CVE-2020-8146
<= 3.10.2
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and
7.8 HIGH
CVE-2020-8145
<= 3.9.3
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints
6.5 MEDIUM
CVE-2020-8144
<= 3.9.3
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circum
8.4 HIGH
CVE-2014-2225
< 3.2.1
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attacke
8.8 HIGH
CVE-2019-16889
< 2.0.3
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files
7.5 HIGH
CVE-2019-5456
<= 5.10.21
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their ac
8.1 HIGH
CVE-2010-5330
< 4.0.1
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname varia
9.8 CRITICAL
CVE-2019-5430
<= 3.10.0
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the se
8.8 HIGH
CVE-2017-0938
< 6.0.7
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in a
7.5 HIGH
CVE-2016-6914
< 3.8.0
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to ga
7.8 HIGH
CVE-2014-2226
<= 2.4.6
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle at
CVE-2014-2227
<= 2.1.3
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Control
CVE-2013-3572
< 2.3.6
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin