QwikSec

Security Database

CVE

CWE

Training

CVE-2019-5430

Published: May 6, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

Vendor	Product	Versions
n/a	UniFi Video Server	affected `3.10.1`

Weaknesses (CWE)

References

https://hackerone.com/reports/329749

x_refsource_MISC

https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/ba-p/2658279

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.