Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
BID:68873
Info
Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 68873 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-2225 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2014 12:00AM |
| Updated: | Jul 23 2014 12:00AM |
| Credit: | Seth Art |
| Vulnerable: |
Ubiquiti Networks UniFi Video 2.1.3 Ubiquiti Networks UniFi 2.4.6 Ubiquiti Networks mFi 2.0.15 |
| Not Vulnerable: |
Ubiquiti Networks UniFi Video 3.0.1 Ubiquiti Networks UniFi 3.2.1 Ubiquiti Networks mFi 2.0.24 |
Discussion
Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
Multiple Ubiquiti Networks products including UniFi Video, UniFi and mFi are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
The following products are affected:
UniFi 2.4.6
UniFi Video 2.1.3
mFi 2.0.15
Multiple Ubiquiti Networks products including UniFi Video, UniFi and mFi are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
The following products are affected:
UniFi 2.4.6
UniFi Video 2.1.3
mFi 2.0.15
Exploit / POC
Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
To exploit this issue an attacker must entice a user into visiting a malicious site.
The following exploit is available:
To exploit this issue an attacker must entice a user into visiting a malicious site.
The following exploit is available:
Solution / Fix
Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Multiple Ubiquiti Networks Products CVE-2014-2225 Cross Site Request Forgery Vulnerability
References:
References:
- CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forger (SecLists.Org)
- Ubiquiti - UniFi Controller v2.4.6 - Cross-site Request Forgery (CSRF) (SethSec)
- Ubiquiti Networks, Inc. Homepage (Ubiquiti Networks, Inc. )