CVE-2019-5430
N/A
N/A
Summary
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | UniFi Video Server | 3.10.1 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/329749
- https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/ba-p/2658279
References
- https://hackerone.com/reports/329749
- https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/ba-p/2658279
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.