CyberSecurityBoard
Sponsor Register Login

UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks

The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed through Trend Micro’s Zero Day Initiative (ZDI), affect both camera firmware and the management application, with the most severe allowing complete device takeover through network-adjacent attacks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Improper validation of Let’s Encrypt certificates in the UniFi Protect web interface (nginx 1.25.3) allowed MITM attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Feb 2025 06:20:13 +0000


Cyber News related to UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks

CVE-2024-29206 - An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. ...
9 months ago
CVE-2024-29207 - An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. ...
9 months ago
CVE-2020-8267 - A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid ...
4 years ago
CVE-2024-29208 - An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. ...
9 months ago
CVE-2024-22054 - A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. ...
11 months ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2024-45205 - An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. ...
2 months ago
Ubiquiti users report having access to others' UniFi routers, cameras - Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device ...
1 year ago Bleepingcomputer.com
How to Scan a QR Code On iPhone - The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR ...
1 year ago Hackercombat.com
CVE-2023-35085 - An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). ...
1 year ago
CVE-2023-38034 - A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). ...
1 year ago
How To Deploy HYAS Protect - HYAS Protect is an intelligent, cloud-based protective DNS solution that proactively detects and blocks communication with command and control infrastructure used in malware attacks. HYAS Protect also blocks communication with a host of other ...
9 months ago Securityboulevard.com
CVE-2024-27981 - A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate ...
10 months ago Tenable.com
CVE-2019-11014 - The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the ...
5 years ago
CVE-2017-8228 - Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the ...
5 years ago
UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks - The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed through Trend Micro’s Zero Day Initiative (ZDI), affect both camera firmware and the management application, with the most severe allowing ...
3 hours ago Cybersecuritynews.com
CVE-2023-31997 - UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. ...
1 year ago
CVE-2024-34786 - UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz ...
7 months ago
CVE-2020-8146 - In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on ...
3 years ago
CVE-2021-22944 - A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi ...
2 years ago
CVE-2024-45599 - Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without ...
4 months ago Tenable.com
CVE-2020-8188 - We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according ...
4 years ago
How to protect IP surveillance cameras from Wi-Fi jamming - Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming. Blocking the signal blinds the device and stalls home and business ...
10 months ago Helpnetsecurity.com
What is SEO Poisoning Attack? - Search engine optimization (SEO) poisoning is a type of cyber attack that infiltrates search results. It consists of malicious search engine results created by an attacker attempting to redirect someone to malicious or vulnerable webpages. It is a ...
2 years ago Heimdalsecurity.com
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
9 months ago Security.googleblog.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)