A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart.
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.