Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Ubiquiti Networks UniFi Cloud Key 授权问题漏洞
Vulnerability Description
Ubiquiti Networks UniFi Cloud Key是美国优比快(Ubiquiti Networks)公司的一款支持管理UniFi网络的秘钥设备。 UniFi Protect controller v1.14.10及之前版本存在安全漏洞,该漏洞允许攻击者在没有有效令牌的情况下通过api发送已验证过的消息。
CVSS Information
N/A
Vulnerability Type
N/A