Ubiquiti Inc. Program Statistics

View program

15 total issues disclosed

$60,915 total paid publicly

Most disclosed (5 disclosures) — Command Injection - Generic

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) Cross-site Scripting (XSS) - Reflected nih8l Medium 2021-10-10
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi Cross-site Scripting (XSS) - Reflected nih8l Medium 2021-10-10
Readonly to Root Privilege Escalation on EdgeSwitch Command Injection - Generic fr33rh High 2021-05-23
Web Server Predictable Session ID on EdgeSwitch Insufficient Session Expiration fr33rh High 2021-05-23
View Only to Root Privilege Escalation on UniFi Protect Command Injection - Generic fr33rh High 2021-05-23
SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch Information Disclosure fr33rh High 2021-05-23
Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices Command Injection - Generic murmus Medium 2020-06-30
RCE in AirOS 6.2.0 Devices with CSRF bypass Command Injection - Generic murmus High 2020-06-30
Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 Cross-site Scripting (XSS) - Reflected grampae Medium 2020-06-01
Firmware download/install vulnerable to CSRF Cross-Site Request Forgery (CSRF) jstjohn High 2020-05-29
UniFi Video web interface Configuration Restore user privilege escalation Privilege Escalation ajxchapman High 2020-04-01
UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise Path Traversal ajxchapman High 2020-04-01
UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. Privilege Escalation b0yd Medium 2020-04-01
Privilege Escalation From user to SYSTEM via unauthenticated command execution Command Injection - Generic b0yd Critical 2019-11-08
Privilege-0 to Root Privilege Escalation on EdgeSwitch Privilege Escalation fr33rh High 2019-03-31