CVE-2014-2227

Ubiquiti Networks UniFi Video <3.0.1 - CSRF

Title source: llm

Description

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Seth Art · javawebappsphp

https://www.exploit-db.com/exploits/39268

View Code ZIP pw:eip

References (3)

[Exploit] http://seclists.org/fulldisclosure/2014/Jul/128

[Exploit] http://sethsec.blogspot.com/2014/07/cve-2014-2227.html

[Exploit] http://www.securityfocus.com/bid/68866

Scores

EPSS 0.0151

EPSS Percentile 81.3%

Details

CWE

CWE-264

Status published

Products (1)

ui/unifi_video < 2.1.3

Published Jul 25, 2014

Tracked Since Feb 18, 2026