UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
High
U
Ubiquiti Inc.
Submitted None
Team Summary
Official summary from Ubiquiti Inc.
In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.
Actions:
Reported by
ajxchapman
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-Site Request Forgery (CSRF)