Unifi Network Application
Approved changes feed: RSS · Atom
cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ubiquiti (dd08de32-5261-59b1-b6b8-2524668aba57) |
|---|---|
| Product | Unifi Network Application (2da662f4-7424-5c6e-b022-235b53862251) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-42028 |
vulnerable | 2026-06-03 14:56:35.735351 |
Details available
HIGH (8.8)
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
Published: 2024-10-28T15:54:15.384Z
Updated: 2024-10-28T18:53:11.285Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42025 |
vulnerable | 2026-06-03 14:56:35.727730 |
Details available
HIGH (7.8)
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
Published: 2024-09-13T15:47:19.568Z
Updated: 2024-09-28T17:44:02.226Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27981 |
vulnerable | 2026-06-03 14:55:24.384801 |
Details available
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.
Affected Products:
UniFi Network Application (Version 8.0.28 and earlier) .
Mitigation:
Update UniFi Network Application to Version 8.1.113 or later.
Published: 2024-04-04T22:16:29.361Z
Updated: 2025-03-18T20:10:28.730Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41721 |
vulnerable | 2026-06-03 14:52:52.218887 |
Details available
CRITICAL (10)
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
Published: 2023-10-25T00:24:34.072Z
Updated: 2024-09-13T16:28:08.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32000 |
vulnerable | 2026-06-03 14:51:57.153214 |
Details available
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
Published: 2023-07-07T23:07:53.212Z
Updated: 2024-10-21T21:11:02.916Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28365 |
vulnerable | 2026-06-03 14:51:08.937486 |
Details available
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
Published: 2023-06-30T23:40:13.388Z
Updated: 2024-11-27T17:23:23.036Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.