
cpe:2.3:a:ubiquiti:unifi_network_controller:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Ubiquiti (dd08de32-5261-59b1-b6b8-2524668aba57)
Product: Unifi Network Controller (5a3a0359-9c79-59a5-ba87-9c9cc6d1a359)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2019-25652
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:40:18.898403
db.gcve.eu details:
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
HIGH (7.5)
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Published: 2026-03-27T21:19:26.490Z
Updated: 2026-05-25T23:41:09.449Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2019-25651
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:40:18.894312
db.gcve.eu details:
Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control
HIGH (8.3)
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
Published: 2026-03-27T21:16:30.611Z
Updated: 2026-05-25T23:41:08.799Z
Rationale: Imported from gcve-enriched-dumps CVE data
