Description
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- low
- Privileges
- none
- User Action
- required
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-427
Metadata
- Primary Vendor
- UI
- Published
- 5/17/2021
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ui : unifi_video
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.