CVE-2020-24755

HIGH

UI Unifi Video - Uncontrolled Search Path

Title source: rule

Description

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).

References (1)

[Exploit, Third Party Advisory] https://www.youtube.com/watch?v=T41h4yeh9dk

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

ui/unifi_video

Timeline

Published May 17, 2021

Tracked Since Feb 18, 2026