CVE-2016-6914

HIGH

UniFi Video < 3.8.0 - Local Privilege Escalation via Weak Installation Directory Permissions

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-6914. PoCs published by Julien Ahrens, CybermonkX.

AI-analyzed exploit summary: The advisory describes a local privilege escalation vulnerability in Ubiquiti UniFi Video for Windows, where insufficient directory permissions allow unprivileged users to place a malicious executable in the application directory, which is then executed with SYSTEM privileges by the service.

Description

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

Exploits (2)

exploitdb WRITEUP
by Julien Ahrens · text · local · windows
https://www.exploit-db.com/exploits/43390

The advisory describes a local privilege escalation vulnerability in Ubiquiti UniFi Video for Windows, where insufficient directory permissions allow unprivileged users to place a malicious executable in the application directory, which is then executed with SYSTEM privileges by the service.

Classification: Writeup 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Ubiquiti UniFi Video (Windows) versions 3.7.3, 3.7.0, 3.2.2, and older
Auth required
Prerequisites: Local access to the system · Low-privileged user account
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by CybermonkX · poc
https://github.com/CybermonkX/CVE-2016-6914-UniFiVideo-LPE

This repository contains a functional proof-of-concept exploit for CVE-2016-6914, a local privilege escalation vulnerability in Ubiquiti UniFi Video 3.7.3. The exploit replaces a trusted binary (taskkill.exe) with a malicious payload to achieve SYSTEM-level command execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Ubiquiti UniFi Video 3.7.3
Auth required
Prerequisites: Low-privileged access to the target system · Ability to replace the taskkill.exe binary in C:\ProgramData\unifi-video\ · Restart of the UniFi Video Service
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102278
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/83
Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/140793
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43390/

Scores

CVSS v3 7.8
EPSS 0.0116
EPSS Percentile 63.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-276
Status published
Products (1)
ui/unifi_video < 3.8.0
Published Dec 27, 2017
Tracked Since Feb 18, 2026