What is the vulnerability ID?

The vulnerability ID is CVE-2014-2225.

What is the severity level of CVE-2014-2225?

The severity level of CVE-2014-2225 is high (8.8).

What is the description of CVE-2014-2225?

CVE-2014-2225 is a vulnerability that allows remote attackers to hijack the authentication of administrators in Ubiquiti Networks UniFi Controller, enabling them to perform unauthorized actions.

Which software is affected by CVE-2014-2225?

Ubiquiti Networks UniFi Controller versions before 3.2.1, Ui Airvision Controller versions up to and including 2.1.3, and Ui Mfi Controller versions up to and including 2.0.15 are affected by CVE-2014-2225.

Where can I find more information about CVE-2014-2225?

More information about CVE-2014-2225 can be found at the following references: [1] http://seclists.org/fulldisclosure/2014/Jul/126 [2] http://sethsec.blogspot.com/2014/07/cve-2014-2225.html

Vulnerability/
CVE-2014-2225

high

8.8

CWE

352

8/2/2020

6/8/2024

CVE-2014-2225: CSRF

First published: Sat Feb 08 2020(Updated: )

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ui Airvision Controller	<=2.1.3
Ui Mfi Controller	<=2.0.15
Ui Unifi Controller	<3.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2014-2225.
What is the severity level of CVE-2014-2225?
The severity level of CVE-2014-2225 is high (8.8).
What is the description of CVE-2014-2225?
CVE-2014-2225 is a vulnerability that allows remote attackers to hijack the authentication of administrators in Ubiquiti Networks UniFi Controller, enabling them to perform unauthorized actions.
Which software is affected by CVE-2014-2225?
Ubiquiti Networks UniFi Controller versions before 3.2.1, Ui Airvision Controller versions up to and including 2.1.3, and Ui Mfi Controller versions up to and including 2.0.15 are affected by CVE-2014-2225.
Where can I find more information about CVE-2014-2225?
More information about CVE-2014-2225 can be found at the following references: [1] http://seclists.org/fulldisclosure/2014/Jul/126 [2] http://sethsec.blogspot.com/2014/07/cve-2014-2225.html

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/ui
canonical/ui airvision controller
version/ui airvision controller/2.1.3
canonical/ui mfi controller
version/ui mfi controller/2.0.15
canonical/ui unifi controller

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.