Description
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f
Scores
CVSS v3
9.6
EPSS
0.0041
EPSS Percentile
32.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
ui/unifi_protect
< 1.19.0
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026