PT-2020-19980 · Ubiquiti · Unifi Video Server+1

Published 2020-04-01 · Updated 2020-04-03 · CVE-2020-8144 · CVSS v3.1 8.4 High

Vector

AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

UniFi Video Server versions 3.9.3 and prior

Description

The web interface Firmware Update functionality does not validate firmware download destinations. If the version field contains `..` character sequences, the destination file path can be manipulated to point outside the intended directory tree. This issue can be exploited by sending a request containing a URL to firmware update information.

Recommendations

For UniFi Video Server versions 3.9.3 and prior, update to UniFi Video Controller version 3.10.3 or newer to resolve the issue. As a temporary workaround, consider restricting access to the Firmware Update functionality until a patch is available.
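The defect described above is a missing destination check: a version string taken from firmware update information is joined into a filesystem path without validation. The following is an added illustration, not UniFi Video's own code, of the unchecked pattern beside a hardened one; the base directory `FIRMWARE_DIR` and the version syntax are assumptions.

```python
import os
import re

# Assumed base directory for downloaded firmware (placeholder, not a real path).
FIRMWARE_DIR = "/var/lib/firmware"
# Allow-list for a version identifier: alphanumerics, dots, dashes, underscores,
# starting with an alphanumeric, no path separators.
VERSION_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_destination(version: str) -> str:
    """Unchecked pattern: the untrusted version field is joined straight into
    the path, so '..' sequences move the destination outside FIRMWARE_DIR."""
    return os.path.normpath(os.path.join(FIRMWARE_DIR, version + ".bin"))


def safe_destination(version: str) -> str:
    """Hardened pattern: allow-list the version syntax, then confirm the
    resolved destination is still under FIRMWARE_DIR before using it."""
    if not VERSION_RE.fullmatch(version) or ".." in version:
        raise ValueError("invalid firmware version identifier")
    base = os.path.realpath(FIRMWARE_DIR)
    dest = os.path.realpath(os.path.join(base, version + ".bin"))
    # Containment check on the resolved path catches anything the syntax
    # check missed (for example a symlinked component).
    if os.path.commonpath([base, dest]) != base:
        raise ValueError("firmware destination escapes the firmware directory")
    return dest


def is_inside_firmware_dir(path: str) -> bool:
    """True if the resolved path lies within FIRMWARE_DIR."""
    base = os.path.realpath(FIRMWARE_DIR)
    return os.path.commonpath([base, os.path.realpath(path)]) == base
```

A version string that passes the allow-list can only produce a file directly inside the firmware directory, which is the property the original code failed to enforce.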

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2020-8144

Affected Products

Unifi Video Controller
Unifi Video Server