Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ubiquiti Networks UniFi Video 安全绕过漏洞
Vulnerability Description
Ubiquiti Networks UniFi Video(也称AirVision或AirVision Controller)是美国Ubiquiti Networks公司的一套视频监控系统。 Ubiquiti Networks UniFi Video 3.0.1之前版本中的默认的Flash跨域策略(crossdomain.xml)中存在安全漏洞,该漏洞源于程序没有限制访问应用程序。远程攻击者可通过特制的SWF文件利用该漏洞绕过同源策略。
CVSS Information
N/A
Vulnerability Type
N/A