Skip to content

Latest commit

 

History

History
99 lines (95 loc) · 12.5 KB

TOPUBIQUITIINC.md

File metadata and controls

99 lines (95 loc) · 12.5 KB
Raw

Back

Top reports from Ubiquiti Inc. program at HackerOne:

  1. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - 531 upvotes, $16109
  2. Privilege-0 to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 80 upvotes, $1604
  3. Public Jenkins instance with /script enabled to Ubiquiti Inc. - 65 upvotes, $2500
  4. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $5000
  5. Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry to Ubiquiti Inc. - 55 upvotes, $1000
  6. Login as root without password on EdgeSwitchX to Ubiquiti Inc. - 54 upvotes, $100
  7. Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 52 upvotes, $6000
  8. CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 48 upvotes, $500
  9. Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 45 upvotes, $500
  10. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 43 upvotes, $2750
  11. Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com to Ubiquiti Inc. - 39 upvotes, $2000
  12. Firmware download/install vulnerable to CSRF to Ubiquiti Inc. - 32 upvotes, $1100
  13. sqli to Ubiquiti Inc. - 32 upvotes, $1000
  14. [dev-nightly.ubnt.com] Local File Reading to Ubiquiti Inc. - 31 upvotes, $100
  15. [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users to Ubiquiti Inc. - 25 upvotes, $2000
  16. Source code disclosure on https://107.23.69.180 to Ubiquiti Inc. - 25 upvotes, $1000
  17. Directory traversal at https://nightly.ubnt.com to Ubiquiti Inc. - 23 upvotes, $500
  18. IDOR Causing Deletion of any account to Ubiquiti Inc. - 22 upvotes, $500
  19. Privilege Escalation using API->Feature to Ubiquiti Inc. - 21 upvotes, $1500
  20. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 20 upvotes, $1500
  21. Stored XSS in community.ubnt.com to Ubiquiti Inc. - 20 upvotes, $500
  22. UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise to Ubiquiti Inc. - 20 upvotes, $500
  23. Arbritrary file Upload on AirMax to Ubiquiti Inc. - 19 upvotes, $18000
  24. JetBrains .idea project directory to Ubiquiti Inc. - 19 upvotes, $200
  25. Shell Injection via Web Management Console (dl-fw.cgi) to Ubiquiti Inc. - 18 upvotes, $1300
  26. Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████) to Ubiquiti Inc. - 18 upvotes, $1250
  27. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 17 upvotes, $1500
  28. Wordpress directories/files visible to internet to Ubiquiti Inc. - 17 upvotes, $600
  29. [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html to Ubiquiti Inc. - 17 upvotes, $100
  30. Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking to Ubiquiti Inc. - 16 upvotes, $1500
  31. Reflected XSS to Ubiquiti Inc. - 16 upvotes, $1000
  32. Subdomain Takeover (moderator.ubnt.com) to Ubiquiti Inc. - 16 upvotes, $500
  33. Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute to Ubiquiti Inc. - 16 upvotes, $250
  34. Subdomain Takeover in http://assets.goubiquiti.com/ to Ubiquiti Inc. - 15 upvotes, $500
  35. [account-global.ubnt.com] CRLF Injection to Ubiquiti Inc. - 15 upvotes, $150
  36. Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $600
  37. CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:' whitelist protection to Ubiquiti Inc. - 14 upvotes, $500
  38. EdgeSwitch Command Injection to Ubiquiti Inc. - 14 upvotes, $100
  39. UBNT Amplification DDOS Attack to Ubiquiti Inc. - 13 upvotes, $2500
  40. Two Factor Authentication Bypass to Ubiquiti Inc. - 13 upvotes, $500
  41. Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server to Ubiquiti Inc. - 12 upvotes, $1604
  42. Privilege escalation in the client impersonation functionality to Ubiquiti Inc. - 12 upvotes, $1500
  43. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $1000
  44. Open Redirect in unifi.ubnt.com [Controller Finder] to Ubiquiti Inc. - 11 upvotes, $260
  45. [scores.ubnt.com] DOM based XSS at form.html to Ubiquiti Inc. - 11 upvotes, $150
  46. Reflected File Download in community.ubnt.com/restapi/ to Ubiquiti Inc. - 11 upvotes, $150
  47. Stored XSS in unifi.ubnt.com to Ubiquiti Inc. - 11 upvotes, $125
  48. Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry to Ubiquiti Inc. - 11 upvotes, $0
  49. UniFi Video Server - Arbitrary file upload as SYSTEM to Ubiquiti Inc. - 10 upvotes, $1375
  50. [dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies to Ubiquiti Inc. - 10 upvotes, $500
  51. Reflected XSS in scores.ubnt.com to Ubiquiti Inc. - 10 upvotes, $275
  52. Bypass blocked profile protection on aircrm.ubnt.com to Ubiquiti Inc. - 10 upvotes, $100
  53. UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $250
  54. Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ to Ubiquiti Inc. - 9 upvotes, $150
  55. Stored XSS => community.ubnt.com to Ubiquiti Inc. - 9 upvotes, $150
  56. Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 to Ubiquiti Inc. - 9 upvotes, $150
  57. Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. to Ubiquiti Inc. - 9 upvotes, $100
  58. Code Execution in restricted CLI of EdgeSwitch to Ubiquiti Inc. - 8 upvotes, $1500
  59. UniFi Video Server - Broken access control on system configuration to Ubiquiti Inc. - 8 upvotes, $1000
  60. UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. to Ubiquiti Inc. - 8 upvotes, $667
  61. Unauthenticated request allows changing hostname to Ubiquiti Inc. - 8 upvotes, $550
  62. XSS on Nanostation Loco M2 Airmax to Ubiquiti Inc. - 8 upvotes, $500
  63. Unauthenticated Cross-Site Scripting in Web Management Console to Ubiquiti Inc. - 8 upvotes, $250
  64. UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise to Ubiquiti Inc. - 8 upvotes, $250
  65. Reflected Xss in AirMax [Nanostation Loco M2] to Ubiquiti Inc. - 8 upvotes, $185
  66. XSS to Ubiquiti Inc. - 8 upvotes, $150
  67. Expired SSL certificate to Ubiquiti Inc. - 8 upvotes, $100
  68. Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header to Ubiquiti Inc. - 8 upvotes, $0
  69. CRLF Injection on openvpn.svc.ubnt.com to Ubiquiti Inc. - 8 upvotes, $0
  70. Format String Vulnerability in the EdgeSwitch restricted CLI to Ubiquiti Inc. - 7 upvotes, $1500
  71. CSRF in login form would led to account takeover to Ubiquiti Inc. - 7 upvotes, $500
  72. Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software. to Ubiquiti Inc. - 7 upvotes, $500
  73. account.ubnt.com CSRF to Ubiquiti Inc. - 7 upvotes, $200
  74. HTML Injection on airlink.ubnt.com to Ubiquiti Inc. - 7 upvotes, $100
  75. XSS via SVG file to Ubiquiti Inc. - 7 upvotes, $0
  76. RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 6 upvotes, $6839
  77. UniFi Video web interface Configuration Restore user privilege escalation to Ubiquiti Inc. - 6 upvotes, $1500
  78. Privilege Escalation with Session Hijacking Having a Non-privileged Valid User to Ubiquiti Inc. - 6 upvotes, $1000
  79. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $150
  80. 200 http code in 403 forbidden directories on main Ubnt.com domain to Ubiquiti Inc. - 6 upvotes, $0
  81. Camera adoption DoS - UniFi Protect to Ubiquiti Inc. - 5 upvotes, $1604
  82. UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass to Ubiquiti Inc. - 4 upvotes, $1000
  83. Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices to Ubiquiti Inc. - 4 upvotes, $594
  84. Security: Publicly accessible x.509 Public and Private Key of Ubiquiti Networks. to Ubiquiti Inc. - 4 upvotes, $0
  85. Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $1000
  86. Other Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 3 upvotes, $500
  87. UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs to Ubiquiti Inc. - 3 upvotes, $500
  88. Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $150
  89. Weak credentials for nutty.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
  90. Yet another Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $500
  91. Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $250
  92. AirFibre products vulnerable to HTTP Header injection to Ubiquiti Inc. - 2 upvotes, $150

Back