15 vulnerabilities found for unifi_controller by ui
FKIE_CVE-2020-12695
Vulnerability from fkie_nvd - Published: 2020-06-08 17:15 - Updated: 2024-11-21 05:00
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:unifi_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EAF0BA-0F00-4EC3-8AD1-38798E302EDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96FB9DD1-0AD3-422E-BE39-36D16B259BB3",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-n11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4A59C5-BD20-4EF8-BB18-E3EC2AFAB02F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:adsl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5324C118-FC2A-4701-A2D4-B149B6F8D82B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:selphy_cp1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27493F05-2B86-41C9-90F3-29ED4621989F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3B7126-28E1-42F8-98CF-0EC156BE68D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB01CB7-C5BB-49D6-85A7-CECED514C7CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9917176-E908-4110-A641-FED1DFF41C43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-n5412sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE29D9CF-0D42-4C02-8300-364DD9D87553",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:b1165nfw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42ADBAEC-12BB-40FB-B013-9E66B7849FE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ep-101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A29F002-A941-44B1-9CD3-CC239DCBC1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:ew-m970a3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA722A34-5071-41A6-8C94-10719DCB0A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:m571t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5772EE0-AAFE-4E11-BE24-05839353E89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCFF0E3-1CA8-4676-9152-0F9B7E0DAF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-2101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1EBF0A-5E1B-4B26-97C3-08EFFECD4941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-2105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48BD48DC-F9D7-4377-9E08-93AB0416570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD52F9F-7715-424A-B0CD-923507C3AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A1753-C59A-447F-9396-F3B4284112DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC93844-D227-42B7-AE09-A439756773BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A52BAA-FCAB-4D01-B533-CDC2230F41B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DFAEE5-8B2C-4940-AC00-2961BC373755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-4105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FACBCEE3-5F3E-42B8-B6D4-3E945BC8BFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8F786A-C18B-4320-8B3D-2572D84BEFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F20CDA-18E9-4AC7-BC83-0C94A184B398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30063847-3DAD-4485-9B38-4C0E8F928E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "996C8FE4-5926-4D97-A28F-E371F3AFA876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAAA79D-A2A0-408F-B2E0-D88C315D73DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-8600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "866A5154-8E94-41C5-8F4F-F4B322986DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45362946-1559-42A8-A575-C136A6732B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A17A5E-07EC-4166-BEC1-252A40A85A64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:5020_z4a69a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606660FF-DBFD-4F88-AF36-125BA4B57D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5030_m2u92b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A109EFF-698F-438E-A9CA-7FDB2BB1E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5030_z4a70a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFA37F9-41D0-496B-B90F-1BD08A0615F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5034_z4a74a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4F2B72-03BE-49CF-85C6-405CCB0F711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5660_f8b04a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8970163-15C4-4C35-9976-E03364E6801D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3456_a9t84c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DA94DA-C428-4143-B8EB-43B8022D98A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FB3E78-3AF8-4FE2-A6EC-5F8FE87078A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB98F236-726C-43B4-B391-90052354AFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t83b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0015AA-6FC5-4AA2-8529-A09BFF2F867F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA69799-EA06-407A-92E0-7FFD2C7A9A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3548_a9t81b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3A6EAD-B58C-4C45-A63E-D4F6E47EDD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA924C6-7BEB-4B2A-92E0-EA3BAFA469DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4518:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3866E12-99A8-4375-B941-B5967196A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4539F8EF-9925-47A7-A3B8-C365B64A476B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA59F9C1-069E-450F-AEEF-8D4D9395B544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFD9ED4-1DB1-4150-84EC-DD6377B626E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE84F86-9EDA-47BB-8C83-A3E7505BA776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6903ED00-1EBC-476A-ADED-650D00113193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC732835-E3DC-46A2-AF68-0E4F48A44D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4839445-6775-4DC6-A0F1-D8073EC083BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99320BB7-7F19-4DF6-B9F6-D854660CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D258693F-EAA4-42AA-BDE2-F9F964870DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B50A1E9-B246-44A2-A002-221EAA3A3B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1CD0D8-F551-492B-AA36-9E1FCBA66AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD8A8A3-B906-47D9-9BDE-68A73432F680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D9E6BE-F3C4-4A2C-8744-976D5F79A408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D77C54A-B051-4442-A590-C182E9594B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4731E44-0726-4BA4-9E0D-9DAA7FF4690C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn518a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84988928-8254-4C49-BB9A-DCF415594E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn519a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8604981-347C-432F-9C69-DD6ED4FB90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn519b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57DD4D8C-DF38-46CC-9C75-5FDC1C5828B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC111A4D-9EB2-48F8-95C3-279F5F01EFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F97B02EA-A8CD-477E-A370-3D801EF04472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF5706-AC17-4CB1-BB94-776149CB04ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35DD32C-853A-42EC-821F-9F6C0E10478F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq812c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39035D44-8C6B-466B-8CDC-4693B1F0F1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_111_cq810a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD3E6A5-4BE8-4DEE-8F6A-E687E0E031AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq811a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00206EC6-40E9-44D7-91C2-DED3213BB1E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq811b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D667474F-9358-40CF-8B0F-5F31A243412E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq812a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53C5110-F0E4-4E51-97F2-C767BCBD21C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD44558B-C4F7-49FD-AC6C-CE664B707B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABCA098-9BB5-4BB2-9BC2-A2F52276A7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D70E7510-BEDA-45D1-A911-CBB6E0B5E53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t80a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5342517-0F54-4C43-9058-67E292B5BF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t80b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5106EA-B2DC-4674-BA84-BBD9F3B976DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481E0DF3-C2D3-48C4-9721-7850345F36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_d3p93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E44762-F2B9-4247-874E-8A6AED396653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4501_c8d05a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2174440D-AC3E-4D24-A561-399643CCD944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4502_a9t85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B056A3A9-693E-4BA8-BB42-932569FC41F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4502_a9t87b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03318A78-FFFF-4431-BE9F-1171613A1014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4503_e6g71b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CD712-FB1B-4D30-BA64-93FD78578B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4504_a9t88b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9633C6CB-0BA7-48B8-B4CA-96FF8E4D80D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4504_c8d04a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87BDB946-A599-4333-8DFE-B0F4E28DA9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4505_a9t86a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47285B08-4086-495E-96B6-E56EC8E8525C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4507_e6g70b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD864766-1ADF-40CA-AC4E-D8068C19362B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4508_e6g72b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85564A-E70B-4A79-8B71-08947DA20186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4509_d3p94a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D75511-E215-494D-887F-D81B837B90B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4509_d3p94b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB6AD7A-D932-4C02-B2E2-D4C343796A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4511_k9h50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371A5792-1442-4BE5-B639-DEBF35FF60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4512_k9h49a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7447513E-A664-49F8-BCDB-041C21E4986A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4513_k9h51a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA7CDF6-4F2F-4227-AFCF-A7B77CFDBBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4516_k9h52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B45C67-E822-4932-AC44-A41B40C51089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_e6g67a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24EC840-1FE5-4BE2-95CD-79CA0AD521BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_e6g67b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83089810-0E60-4D5C-8B40-28D54E5C8121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC960C1-BF3D-41F4-AC85-5BEF4E96F5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05D6ABC6-926F-4561-8196-7B0B5F39F3DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v69a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0525848-038E-447E-8A69-BDA1227947AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4521_k9t10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42FBB9B2-69DB-495D-87D4-F313047660FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4522_f0v67a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7477AAA3-FD6F-4A4F-B3C8-DCF55695991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4523_j6u60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D024C1BF-9F18-4D5E-988D-EC1083BA0D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_f0v71b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EACF115-7053-4EB6-A3F0-47D9D5D2BC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_f0v72b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5BB174-2D00-4B03-9DCF-32F8A93D3EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_k9t01a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "998C35EB-4B53-4CB7-A0A0-5FFFEF5BD155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4525_k9t09b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B34CE8-A2A4-4F36-8898-138E4B0A542A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4526_k9t05b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB71C71-5E10-43AB-83EA-AF5BD863163D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4527_j6u61b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A5F418-5FF5-4DB1-92DC-8C3588A10906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4528_k9t08b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F9056F-C3FD-4FC6-BCCD-0501BCEDB3C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CC1275-CE6D-4C40-9F5A-F799DE82CC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5058889-2BCA-4EB3-8F0A-07FF682B50F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u91a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1766FB5C-A6A1-4E61-9D34-4656A862C6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB77C0E-1B04-4FC6-B5B0-D7FB21A29007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F138EE5A-CCF6-4B08-8D77-1293FC6C7C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3879D0-F71A-45B1-8D9F-ABA4CCA07A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28CF45C7-F897-4BB8-8B6D-6AEEF7B384A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5020_m2u91b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C33C80-F0F4-483F-AC8C-FBA8DD82D05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4959F00-BCCF-4C51-B476-019733E14DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF045C3-ED70-4913-AF9F-AF2D65DADDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "036366B3-1FFC-4BA0-B769-EA055BC56C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5534:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561002B2-A1BA-42C0-B81D-F3E9133FFFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5535:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD7A448-9E0A-4F9D-83EA-3283AB99966A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7969AB56-208E-432E-A8D5-DE7839492604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16666F94-9ED1-4616-9713-DE75F32D1421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_f2e72a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD41ACC2-13C6-4569-80EB-13C490A3BECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v47a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99304D37-E10C-4123-AEB8-EF9A601D7F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v51a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4A6FE7-D032-4A1F-897A-D35611B3D2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E182D8-8E50-44CB-ACE7-FD93672EDD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v53a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC42C09-AC84-4D62-8C39-7482103AC14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_k7c85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B03E55D-88D8-4A51-8A08-2477E7FAF1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5541_k7g89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91E209-C794-4D54-8313-ABB3755FD69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5542_k7c88a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3944F997-DBA4-4BCB-8DB1-25C0515A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5543_n9u88a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDF09AE-17F0-4423-92CC-70B0914A623B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5544_k7c89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E98A4D36-AB5F-47A3-8E7D-BB514EDA47AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5544_k7c93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF0C02A-38C8-447E-80CF-6E020C6CB2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5545_g0v50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE40C41-8AB9-4286-B201-1B1FD6430149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5546_k7c90a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA576D-B448-4ABC-B86C-BD0DDC682A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5547_j6u64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC07377-3C14-4E19-8695-9E6EE69D64EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5548_k7g87a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "442B60FE-E431-4AEB-86D4-557D5633BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5640_b9s56a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3BD841-57D0-42C7-85D6-5365A7AC60F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5640_b9s58a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A8D7F-5A2F-47D7-B60E-1AD99F34F8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5642_b9s64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEA384D-67F2-4261-BED4-94B9058D91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5643_b9s63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5397B5FD-921F-476A-B5F4-F1F9A94518CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5644_b9s65a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E48B3B4C-8CF0-41BB-AFD4-7D8169BCBC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5646_f8b05a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B01EB68D-D445-431C-8B7C-ED249A364A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5664_f8b08a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A36C6EBA-1B08-4F7E-BE72-2D502A37EC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5665_f8b06a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4586D249-A8FF-4EAC-8B51-89FE59AC2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_5se16b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAF6995-205A-46FB-B904-E8102727E414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_5se17a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18824CB2-0239-4884-9C73-B1B520348C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_6wd35a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1D9413-55BE-4A4C-AC5C-ED820E0243B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_7cz37a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E51D01-D179-4956-9F6B-16A4E6F7F9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6052_5se18a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794EF52A-832E-4951-AE3C-8C6149E42909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6055_5se16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D75EBF-1E37-486A-BC50-B991E0EA51A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6540_b9s59a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1275DB-E4CB-446D-9AC4-9A02E2F4E98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8892CDDD-B5D4-4D10-AA40-CC29846B3F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7644_e4w46a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86BDA5FF-5022-44BE-92C6-5A71AAB06BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7645_e4w44a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E427C91-DF55-4D55-A650-FF35B804B6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623C646C-DCE6-4E2C-98CB-BAA54F41485E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B8F20D-5433-4F88-89BA-C4CD6A7EFB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5F18F4-1BE4-4518-B2D1-89FD55A0E61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CA908F-40A8-40BA-AF4C-467D9FB4B720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2B05D5-56EE-4778-A30E-2A8705760511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6220_k7g20d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A798BB4B-7F4C-4C5E-B3CC-B3BD3668F1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6220_k7g21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB97E07-FDAF-46D2-B3F1-7F01D1B093C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6222_y0k13d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89AC8D-AACC-415C-AB42-6D7712B820EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6222_y0k14d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0875F92-3E39-4958-9240-B7E2FE8601B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6230_k7g25b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8BB196-69AD-4172-A5D9-229E77A9C81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6232_k7g26b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FB392C-FC90-45B3-B0C4-FB8762986417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6234_k7s21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAB5445-7A0D-48A5-B03C-65D7B809BCC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6252_k7g22a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65D3BE1C-4A96-4153-90AC-893A47B47DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC025AAE-E85B-45E8-BA94-290097CB4B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB506DAD-0266-49B6-93A1-1F3BCD7FEA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE74089E-9AAA-44BC-9A61-7A4E09789C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8543B3C3-0483-480A-9281-458E81A66DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019F45ED-891F-4C7E-9236-89F5A3F86653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7120_z3m41d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "686C6BF0-D822-4CC2-9F9D-F85AA4BBDCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7155_z3m52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F699145A-206A-40EA-8820-46DE934E0788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7164_k7g99a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3855AF-A674-4EC1-A0E7-2A6B99A94C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500F66C5-3054-4126-8926-94DC1432D116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBEA162-162B-47C1-AE5E-2B8AB7E8E020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA1531A-B518-4408-9254-87743147F4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA85B6EF-330A-4C99-B355-3563623920A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFA22DA-5C42-4D55-B5D8-CB138B27544F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7822_y0g42d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D7FD2C-5799-4A72-AA5B-B1A2BADFB664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7822_y0g43d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21D2DF-C98C-44BE-8F55-5D345266B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7830_y0g50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8966D89-B778-4B46-B28A-1621FA910B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_5se45b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2521E9E-D61F-46E4-A5DA-35AC996137C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_5se46a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF22F28C-AE05-46C0-A9B8-0D1272147CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_6wd14a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13463F33-0D5F-4BD7-86BD-85EB0C3ED6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_6wd16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF59A86-2BF5-44E7-A2E7-3958064D42DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6452_5se47a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90714920-70C8-402F-A5D0-795B69887B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6455_5se45a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF275372-458E-456A-94DB-0BAB5F9F15A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_e6g87a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D183ADD-0776-4E84-8BB2-DFF427F3F666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_f1h96a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B26E254E-F461-42CA-BB26-5B18E2266475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_f1h96b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E225A758-DBDA-40F8-98A8-DD891E173B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_f1j02a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE13E814-C18C-474A-BC09-F5E01EF84831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_f1j05b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "932FB119-04F3-459E-A414-3F7A240254F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_k9v84b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "412A9802-E85D-4547-84B3-44E3F8DC2C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4654_f1j06b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E65AC31-6D84-4B54-BF48-98D173185B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4654_f1j07b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3020F448-42AE-4ADB-B362-CD978FCA47EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_f1j00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5BFA2B-0B40-48D0-AE96-E18FF069524B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_k9v79a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78A59121-66F1-4C09-B142-B4C2F898FB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_k9v82b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28459A79-756A-4E36-AC7A-BAFF63E2CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4656_k9v81b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8CB88F-4333-4089-83C3-C45FEC7763E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4657_v6d29b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52B8526B-CF07-4291-9403-432CCFD5F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4658_v6d30b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5E91F3-FD77-47E6-BBAF-E39AB288C106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hg255s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3591F4-15BB-4DF4-A78A-95618BF8E47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "630E70ED-A042-44AC-98D2-0D7A2D088DFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:wr8165n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A92BA666-CFD5-42D6-AA64-818CC2513642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnhde111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48AE6436-788C-46E2-9F52-9999853919E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruckussecurity:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C70C35-BDEA-4F58-A96B-3E24431D0F00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC86368A-7589-45FC-B9F9-E3D7175F7A96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E878B7D8-06D3-4B94-A3C4-9065B0240790",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:amg1202-t10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38C0ECB8-909F-47C9-81E5-24384D555A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53C32749-82A6-42AA-9EBE-11014F161D2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:xbox_one:10.0.19041.2494:*:*:*:*:*:*:*",
"matchCriteriaId": "703AFCFF-7B05-43E5-9600-09431D1AD04B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
},
{
"lang": "es",
"value": "La especificaci\u00f3n UPnP de Open Connectivity Foundation antes del 17-04-2020 no proh\u00edbe la aceptaci\u00f3n de una petici\u00f3n de suscripci\u00f3n con una URL de entrega en un segmento de red diferente a la URL de suscripci\u00f3n de evento totalmente calificada, tambi\u00e9n se conoce como el problema de CallStranger"
}
],
"id": "CVE-2020-12695",
"lastModified": "2024-11-21T05:00:05.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T17:15:09.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.callstranger.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.callstranger.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2225
Vulnerability from fkie_nvd - Published: 2020-02-08 16:15 - Updated: 2024-11-21 02:05
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Jul/126 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://sethsec.blogspot.com/2014/07/cve-2014-2225.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Jul/126 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sethsec.blogspot.com/2014/07/cve-2014-2225.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ui | airvision_controller | * | |
| ui | mfi_controller | * | |
| ui | unifi_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:airvision_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8D1FB8-7509-4D60-BF93-1E5FB707AD24",
"versionEndIncluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ui:mfi_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9D08F6-3D37-410E-928D-AD03DB605F25",
"versionEndIncluding": "2.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5D1013-1CEC-46F4-A262-4EF70F9B27AE",
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en Ubiquiti Networks UniFi Controller versiones anteriores a 3.2.1, permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que (1) crean un nuevo usuario administrador mediante una petici\u00f3n a api/add/admin; (2) tienen un impacto no especificado por medio de una petici\u00f3n a api/add/wlanconf; cambiar la (3) contrase\u00f1a, (4) m\u00e9todo de autenticaci\u00f3n o (5) subredes restringidas del invitado mediante una petici\u00f3n a api/set/setting/guest_access; (6) bloquear, (7) desbloquear u (8) volver a conectar a usuarios por la direcci\u00f3n MAC mediante una petici\u00f3n a api/cmd/stamgr; cambie el (9) servidor o (10) el puerto del syslog por medio de una petici\u00f3n a api/set/setting/rsyslogd; (11) tener un impacto no especificado por medio de una petici\u00f3n a api/set/setting/smtp; cambie el (12) servidor, (13) puerto o (14) configuraciones de autenticaci\u00f3n de syslog mediante una petici\u00f3n a api/cmd/cfgmgr; o (15) cambie el nombre del controlador Unifi por medio de una petici\u00f3n a api/set/setting/identity."
}
],
"id": "CVE-2014-2225",
"lastModified": "2024-11-21T02:05:52.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T16:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-5456
Vulnerability from fkie_nvd - Published: 2019-07-30 21:15 - Updated: 2024-11-21 04:44
Severity ?
Summary
UniFi Controller versions <= 5.10.21 are exposed to an SMTP man-in-the-middle (MITM) attack: a malicious actor sets up an SMTP proxy server between the controller and its actual SMTP server and records the SMTP credentials for malicious use later.
References
| Source | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c | Release Notes, Vendor Advisory | |
| support@hackerone.com | https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124 | Release Notes, Vendor Advisory | |
| support@hackerone.com | https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391 | Vendor Advisory | |
| support@hackerone.com | https://hackerone.com/reports/519582 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/519582 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ui | unifi_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAB8C2E-16B2-476E-9D1D-F374426A7A04",
"versionEndIncluding": "5.10.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version \u003c= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later."
},
{
"lang": "es",
"value": "Un MITM de SMTP se refiere a un actor malicioso que configura un servidor proxy SMTP entre la versi\u00f3n anterior a 5.10.21 (incluida) del controlador UniFi y su servidor SMTP actual, para registrar sus credenciales SMTP para un uso malicioso posterior."
}
],
"id": "CVE-2019-5456",
"lastModified": "2024-11-21T04:44:58.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-30T21:15:12.037",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"source": "support@hackerone.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/519582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/519582"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2226
Vulnerability from fkie_nvd - Published: 2014-07-29 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
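Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Note that the CPE match criteria in this record end at version 2.4.6 (inclusive), so tooling that relies on the CPE range alone may not flag releases after 2.4.6 and before 3.2.1 that the description still covers.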
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ui | unifi_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22388E53-7ABC-4715-9E73-422647D2E041",
"versionEndIncluding": "2.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "Ubiquiti UniFi Controller en versiones anteriores a 3.2.1 registra el hash de la contrase\u00f1a administrativa en mensajes syslog, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2226",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-29T14:55:05.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"source": "cve@mitre.org",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68869"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3572
Vulnerability from fkie_nvd - Published: 2013-12-31 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the administration interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://dl.ubnt.com/unifi/static/cve-2013-3572.html | Vendor Advisory | |
| cve@mitre.org | http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/ | Broken Link, URL Repurposed | |
| cve@mitre.org | http://www.securityfocus.com/bid/64601 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://dl.ubnt.com/unifi/static/cve-2013-3572.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/ | Broken Link, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64601 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ui | unifi_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9171AEB-6BC3-42C1-803E-42747D649391",
"versionEndExcluding": "2.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) en la interfaz de administracion en el controlador UniFi de Ubiquiti Networks UniFi 2.3.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un nombre de host del cliente manipulado."
}
],
"id": "CVE-2013-3572",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2013-12-31T20:55:15.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-12695 (GCVE-0-2020-12695)
Vulnerability from cvelistv5 – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T23:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.callstranger.com",
"refsource": "MISC",
"url": "https://www.callstranger.com"
},
{
"name": "https://www.kb.cert.org/vuls/id/339275",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
"refsource": "MISC",
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"name": "https://github.com/yunuscadirci/CallStranger",
"refsource": "MISC",
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
"refsource": "MISC",
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"name": "https://github.com/corelight/callstranger-detector",
"refsource": "MISC",
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12695",
"datePublished": "2020-06-08T16:45:04",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2225 (GCVE-0-2014-2225)
Vulnerability from cvelistv5 – Published: 2020-02-08 15:56 – Updated: 2024-08-06 10:05
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T15:56:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html",
"refsource": "MISC",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Jul/126",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2225",
"datePublished": "2020-02-08T15:56:28",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5456 (GCVE-0-2019-5456)
Vulnerability from cvelistv5 – Published: 2019-07-30 20:19 – Updated: 2024-08-04 19:54
VLAI?
Summary
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
Severity ?
No CVSS data available.
CWE
- CWE-300 - Man-in-the-Middle (CWE-300)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/519582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UniFi",
"vendor": "UniFi",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.10.21"
}
]
}
],
"datePublic": "2019-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version \u003c= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "Man-in-the-Middle (CWE-300)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T20:19:48",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/519582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UniFi",
"version": {
"version_data": [
{
"version_value": "\u003c= 5.10.21"
}
]
}
}
]
},
"vendor_name": "UniFi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version \u003c= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle (CWE-300)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/519582",
"refsource": "MISC",
"url": "https://hackerone.com/reports/519582"
},
{
"name": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"name": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"name": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5456",
"datePublished": "2019-07-30T20:19:48",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2226 (GCVE-0-2014-2226)
Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 10:06
VLAI?
Summary
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-12T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68869"
},
{
"name": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"name": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html",
"refsource": "MISC",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2226",
"datePublished": "2014-07-29T14:00:00",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3572 (GCVE-0-2013-3572)
Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047",
"refsource": "CONFIRM",
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"name": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html",
"refsource": "CONFIRM",
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64601"
},
{
"name": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/",
"refsource": "MISC",
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3572",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12695 (GCVE-0-2020-12695)
Vulnerability from nvd – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
VLAI?
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T23:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.callstranger.com",
"refsource": "MISC",
"url": "https://www.callstranger.com"
},
{
"name": "https://www.kb.cert.org/vuls/id/339275",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
"refsource": "MISC",
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"name": "https://github.com/yunuscadirci/CallStranger",
"refsource": "MISC",
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
"refsource": "MISC",
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"name": "https://github.com/corelight/callstranger-detector",
"refsource": "MISC",
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12695",
"datePublished": "2020-06-08T16:45:04",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2225 (GCVE-0-2014-2225)
Vulnerability from nvd – Published: 2020-02-08 15:56 – Updated: 2024-08-06 10:05
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T15:56:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html",
"refsource": "MISC",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Jul/126",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2225",
"datePublished": "2020-02-08T15:56:28",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5456 (GCVE-0-2019-5456)
Vulnerability from nvd – Published: 2019-07-30 20:19 – Updated: 2024-08-04 19:54
Summary
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between a UniFi Controller (version <= 5.10.21) and the SMTP server it is configured to use, in order to record the operator's SMTP credentials for later malicious use.
Severity ?
No CVSS data available.
CWE
- CWE-300 - Man-in-the-Middle (CWE-300)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/519582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UniFi",
"vendor": "UniFi",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.10.21"
}
]
}
],
"datePublic": "2019-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version \u003c= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "Man-in-the-Middle (CWE-300)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T20:19:48",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/519582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UniFi",
"version": {
"version_data": [
{
"version_value": "\u003c= 5.10.21"
}
]
}
}
]
},
"vendor_name": "UniFi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version \u003c= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle (CWE-300)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/519582",
"refsource": "MISC",
"url": "https://hackerone.com/reports/519582"
},
{
"name": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391"
},
{
"name": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c"
},
{
"name": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124",
"refsource": "CONFIRM",
"url": "https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5456",
"datePublished": "2019-07-30T20:19:48",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2226 (GCVE-0-2014-2226)
Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 10:06
Summary
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-12T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68869"
},
{
"name": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"name": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html",
"refsource": "MISC",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2226",
"datePublished": "2014-07-29T14:00:00",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3572 (GCVE-0-2013-3572)
Vulnerability from nvd – Published: 2013-12-31 20:00 – Updated: 2024-08-06 16:14
Summary
Cross-site scripting (XSS) vulnerability in the administration interface of the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047",
"refsource": "CONFIRM",
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047"
},
{
"name": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html",
"refsource": "CONFIRM",
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"
},
{
"name": "64601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64601"
},
{
"name": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/",
"refsource": "MISC",
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3572",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}