UniFi Video Controller v3.9.3 Improper Privilege Management Vulnerability


The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration.






The information has been provided by Vendor

The original article can be found at:https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e



This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer.


Vulnerable Systems:

UniFi Video Controller v3.9.3


CVE Information:


Disclosure Timeline:
Published Date:4/1/2020

Categories: FeaturedNews