Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8144


The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer.


Published

2020-04-01T23:15:13.813

Last Modified

2024-11-21T05:38:22.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Primary
    CWE-22

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ui unifi_video ≤ 3.9.3 Yes
Operating System microsoft windows - No

References