CVE-2019-5430: CSRF
First published: Mon May 06 2019(Updated: )
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Unifi Video | <=3.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2019-5430.
What is the severity rating of CVE-2019-5430?
CVE-2019-5430 has a severity rating of 8.8 (high).
How can this vulnerability be exploited?
This vulnerability can be exploited by abusing the Web API in UniFi Video 3.10.0 and prior, without the user's consent, by luring an authenticated user to access an attacker-controlled page.
What is the impacted software version for CVE-2019-5430?
UniFi Video versions up to and including 3.10.0 are affected by CVE-2019-5430.
Are there any recommended fixes for CVE-2019-5430?
Updating UniFi Video to version 3.10.1 or later will fix CVE-2019-5430.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui unifi video
- version/ui unifi video/3.10.0