Skip to content

Latest commit

 

History

History
100 lines (99 loc) · 13 KB

TOPUBIQUITIINC.md

File metadata and controls

100 lines (99 loc) · 13 KB
Raw

Top reports from Ubiquiti Inc. program at HackerOne:

  1. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - 541 upvotes, $0
  2. Privilege-0 to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 81 upvotes, $0
  3. Public Jenkins instance with /script enabled to Ubiquiti Inc. - 72 upvotes, $0
  4. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $0
  5. Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry to Ubiquiti Inc. - 56 upvotes, $0
  6. Login as root without password on EdgeSwitchX to Ubiquiti Inc. - 54 upvotes, $0
  7. Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 52 upvotes, $0
  8. CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 50 upvotes, $0
  9. Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 45 upvotes, $0
  10. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 43 upvotes, $0
  11. Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com to Ubiquiti Inc. - 43 upvotes, $0
  12. View Only to Root Privilege Escalation on UniFi Protect to Ubiquiti Inc. - 38 upvotes, $0
  13. sqli to Ubiquiti Inc. - 33 upvotes, $0
  14. Firmware download/install vulnerable to CSRF to Ubiquiti Inc. - 32 upvotes, $0
  15. [dev-nightly.ubnt.com] Local File Reading to Ubiquiti Inc. - 31 upvotes, $0
  16. Source code disclosure on https://107.23.69.180 to Ubiquiti Inc. - 25 upvotes, $0
  17. [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users to Ubiquiti Inc. - 25 upvotes, $0
  18. Directory traversal at https://nightly.ubnt.com to Ubiquiti Inc. - 24 upvotes, $0
  19. Readonly to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 24 upvotes, $0
  20. IDOR Causing Deletion of any account to Ubiquiti Inc. - 22 upvotes, $0
  21. Stored XSS in community.ubnt.com to Ubiquiti Inc. - 21 upvotes, $0
  22. Privilege Escalation using API->Feature to Ubiquiti Inc. - 21 upvotes, $0
  23. UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise to Ubiquiti Inc. - 21 upvotes, $0
  24. Arbritrary file Upload on AirMax to Ubiquiti Inc. - 20 upvotes, $0
  25. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 20 upvotes, $0
  26. JetBrains .idea project directory to Ubiquiti Inc. - 20 upvotes, $0
  27. Subdomain Takeover in http://assets.goubiquiti.com/ to Ubiquiti Inc. - 19 upvotes, $0
  28. Shell Injection via Web Management Console (dl-fw.cgi) to Ubiquiti Inc. - 19 upvotes, $0
  29. Subdomain Takeover (moderator.ubnt.com) to Ubiquiti Inc. - 19 upvotes, $0
  30. Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████) to Ubiquiti Inc. - 19 upvotes, $0
  31. Wordpress directories/files visible to internet to Ubiquiti Inc. - 18 upvotes, $0
  32. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 17 upvotes, $0
  33. [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html to Ubiquiti Inc. - 17 upvotes, $0
  34. [account-global.ubnt.com] CRLF Injection to Ubiquiti Inc. - 17 upvotes, $0
  35. Web Server Predictable Session ID on EdgeSwitch to Ubiquiti Inc. - 17 upvotes, $0
  36. Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking to Ubiquiti Inc. - 16 upvotes, $0
  37. Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute to Ubiquiti Inc. - 16 upvotes, $0
  38. Reflected XSS to Ubiquiti Inc. - 16 upvotes, $0
  39. SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch to Ubiquiti Inc. - 15 upvotes, $0
  40. CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:' whitelist protection to Ubiquiti Inc. - 14 upvotes, $0
  41. Two Factor Authentication Bypass to Ubiquiti Inc. - 14 upvotes, $0
  42. UBNT Amplification DDOS Attack to Ubiquiti Inc. - 14 upvotes, $0
  43. EdgeSwitch Command Injection to Ubiquiti Inc. - 14 upvotes, $0
  44. Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $0
  45. Privilege escalation in the client impersonation functionality to Ubiquiti Inc. - 12 upvotes, $0
  46. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $0
  47. Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server to Ubiquiti Inc. - 12 upvotes, $0
  48. Open Redirect in unifi.ubnt.com [Controller Finder] to Ubiquiti Inc. - 11 upvotes, $0
  49. Stored XSS in unifi.ubnt.com to Ubiquiti Inc. - 11 upvotes, $0
  50. [scores.ubnt.com] DOM based XSS at form.html to Ubiquiti Inc. - 11 upvotes, $0
  51. Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry to Ubiquiti Inc. - 11 upvotes, $0
  52. Reflected File Download in community.ubnt.com/restapi/ to Ubiquiti Inc. - 11 upvotes, $0
  53. Bypass blocked profile protection on aircrm.ubnt.com to Ubiquiti Inc. - 11 upvotes, $0
  54. Reflected XSS in scores.ubnt.com to Ubiquiti Inc. - 10 upvotes, $0
  55. [dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies to Ubiquiti Inc. - 10 upvotes, $0
  56. UniFi Video Server - Arbitrary file upload as SYSTEM to Ubiquiti Inc. - 10 upvotes, $0
  57. Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 to Ubiquiti Inc. - 10 upvotes, $0
  58. RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 10 upvotes, $0
  59. CSRF in login form would led to account takeover to Ubiquiti Inc. - 9 upvotes, $0
  60. account.ubnt.com CSRF to Ubiquiti Inc. - 9 upvotes, $0
  61. Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. to Ubiquiti Inc. - 9 upvotes, $0
  62. Expired SSL certificate to Ubiquiti Inc. - 9 upvotes, $0
  63. Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ to Ubiquiti Inc. - 9 upvotes, $0
  64. Stored XSS => community.ubnt.com to Ubiquiti Inc. - 9 upvotes, $0
  65. UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $0
  66. UniFi Video Server - Broken access control on system configuration to Ubiquiti Inc. - 9 upvotes, $0
  67. UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $0
  68. Reflected Xss in AirMax [Nanostation Loco M2] to Ubiquiti Inc. - 8 upvotes, $0
  69. Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header to Ubiquiti Inc. - 8 upvotes, $0
  70. XSS via SVG file to Ubiquiti Inc. - 8 upvotes, $0
  71. XSS to Ubiquiti Inc. - 8 upvotes, $0
  72. HTML Injection on airlink.ubnt.com to Ubiquiti Inc. - 8 upvotes, $0
  73. CRLF Injection on openvpn.svc.ubnt.com to Ubiquiti Inc. - 8 upvotes, $0
  74. XSS on Nanostation Loco M2 Airmax to Ubiquiti Inc. - 8 upvotes, $0
  75. Unauthenticated Cross-Site Scripting in Web Management Console to Ubiquiti Inc. - 8 upvotes, $0
  76. Code Execution in restricted CLI of EdgeSwitch to Ubiquiti Inc. - 8 upvotes, $0
  77. UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. to Ubiquiti Inc. - 8 upvotes, $0
  78. UniFi Video web interface Configuration Restore user privilege escalation to Ubiquiti Inc. - 8 upvotes, $0
  79. Unauthenticated request allows changing hostname to Ubiquiti Inc. - 8 upvotes, $0
  80. XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi to Ubiquiti Inc. - 8 upvotes, $0
  81. 200 http code in 403 forbidden directories on main Ubnt.com domain to Ubiquiti Inc. - 7 upvotes, $0
  82. Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software. to Ubiquiti Inc. - 7 upvotes, $0
  83. Format String Vulnerability in the EdgeSwitch restricted CLI to Ubiquiti Inc. - 7 upvotes, $0
  84. UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass to Ubiquiti Inc. - 6 upvotes, $0
  85. Privilege Escalation with Session Hijacking Having a Non-privileged Valid User to Ubiquiti Inc. - 6 upvotes, $0
  86. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $0
  87. Camera adoption DoS - UniFi Protect to Ubiquiti Inc. - 6 upvotes, $0
  88. Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices to Ubiquiti Inc. - 5 upvotes, $0
  89. Other Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 4 upvotes, $0
  90. Security: Publicly accessible x.509 Public and Private Key of Ubiquiti Networks. to Ubiquiti Inc. - 4 upvotes, $0
  91. Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 3 upvotes, $0
  92. Yet another Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 3 upvotes, $0
  93. Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
  94. Weak credentials for nutty.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
  95. Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $0
  96. UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs to Ubiquiti Inc. - 3 upvotes, $0
  97. AirFibre products vulnerable to HTTP Header injection to Ubiquiti Inc. - 2 upvotes, $0
  98. 3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) to Ubiquiti Inc. - 1 upvotes, $0