Ubiquiti UniFi Dream Machine Pro

CPE Details

Ubiquiti UniFi Dream Machine Pro
ui
unifi_dream_machine_pro
-
2020-08-11
12h54 +00:00
2020-08-11
12h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*

Informations

Vendor

ui

Product

unifi_dream_machine_pro

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-41721 2023-10-25 00h24 +00:00 Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.
5.3
Moyen
CVE-2023-24104 2023-02-23 00h00 +00:00 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
9.8
Critique
CVE-2021-22882 2021-02-23 17h28 +00:00 UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
7.5
Haute
CVE-2020-8188 2020-07-02 16h35 +00:00 We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
8.8
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.