CVE-2019-5430

HIGH

UniFi Video < 3.10.0 - Cross-Site Request Forgery via Web API

Title source: llm
STIX 2.1

Description

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/329749

Scores

CVSS v3 8.8
EPSS 0.0071
EPSS Percentile 49.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
ui/unifi_video < 3.10.0
Published May 06, 2019
Tracked Since Feb 18, 2026