TOPUBIQUITIINC.md

File metadata and controls

100 lines (99 loc) · 13.2 KB

Top reports from the Ubiquiti Inc. program at HackerOne:

  1. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - 536 upvotes, $16109
  2. Privilege-0 to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 81 upvotes, $1604
  3. Public Jenkins instance with /script enabled to Ubiquiti Inc. - 71 upvotes, $2500
  4. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $5000
  5. Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry to Ubiquiti Inc. - 56 upvotes, $1000
  6. Login as root without password on EdgeSwitchX to Ubiquiti Inc. - 54 upvotes, $100
  7. Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 52 upvotes, $6000
  8. CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 50 upvotes, $500
  9. Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 45 upvotes, $500
  10. Read-Only user can execute arbitrary shell commands on AirOS to Ubiquiti Inc. - 43 upvotes, $2750
  11. Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com to Ubiquiti Inc. - 41 upvotes, $2000
  12. View Only to Root Privilege Escalation on UniFi Protect to Ubiquiti Inc. - 38 upvotes, $11689
  13. sqli to Ubiquiti Inc. - 33 upvotes, $1000
  14. Firmware download/install vulnerable to CSRF to Ubiquiti Inc. - 32 upvotes, $1100
  15. [dev-nightly.ubnt.com] Local File Reading to Ubiquiti Inc. - 31 upvotes, $100
  16. [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users to Ubiquiti Inc. - 25 upvotes, $2000
  17. Source code disclosure on https://107.23.69.180 to Ubiquiti Inc. - 25 upvotes, $1000
  18. Readonly to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 24 upvotes, $6690
  19. Directory traversal at https://nightly.ubnt.com to Ubiquiti Inc. - 24 upvotes, $500
  20. IDOR Causing Deletion of any account to Ubiquiti Inc. - 22 upvotes, $500
  21. Privilege Escalation using API->Feature to Ubiquiti Inc. - 21 upvotes, $1500
  22. Stored XSS in community.ubnt.com to Ubiquiti Inc. - 21 upvotes, $500
  23. UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise to Ubiquiti Inc. - 21 upvotes, $500
  24. Read-Only user can execute arbitrary shell commands on AirOS to Ubiquiti Inc. - 20 upvotes, $1500
  25. Arbitrary file Upload on AirMax to Ubiquiti Inc. - 19 upvotes, $18000
  26. Shell Injection via Web Management Console (dl-fw.cgi) to Ubiquiti Inc. - 19 upvotes, $1300
  27. Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████) to Ubiquiti Inc. - 19 upvotes, $1250
  28. Subdomain Takeover in http://assets.goubiquiti.com/ to Ubiquiti Inc. - 19 upvotes, $500
  29. Subdomain Takeover (moderator.ubnt.com) to Ubiquiti Inc. - 19 upvotes, $500
  30. JetBrains .idea project directory to Ubiquiti Inc. - 19 upvotes, $200
  31. Web Server Predictable Session ID on EdgeSwitch to Ubiquiti Inc. - 17 upvotes, $6690
  32. Read-Only user can execute arbitrary shell commands on AirOS to Ubiquiti Inc. - 17 upvotes, $1500
  33. Wordpress directories/files visible to internet to Ubiquiti Inc. - 17 upvotes, $600
  34. [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html to Ubiquiti Inc. - 17 upvotes, $100
  35. Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking to Ubiquiti Inc. - 16 upvotes, $1500
  36. Reflected XSS to Ubiquiti Inc. - 16 upvotes, $1000
  37. Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute to Ubiquiti Inc. - 16 upvotes, $250
  38. [account-global.ubnt.com] CRLF Injection to Ubiquiti Inc. - 16 upvotes, $150
  39. SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch to Ubiquiti Inc. - 15 upvotes, $6689
  40. Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $600
  41. CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:" whitelist protection to Ubiquiti Inc. - 14 upvotes, $500
  42. EdgeSwitch Command Injection to Ubiquiti Inc. - 14 upvotes, $100
  43. UBNT Amplification DDOS Attack to Ubiquiti Inc. - 13 upvotes, $2500
  44. Two Factor Authentication Bypass to Ubiquiti Inc. - 13 upvotes, $500
  45. Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server to Ubiquiti Inc. - 12 upvotes, $1604
  46. Privilege escalation in the client impersonation functionality to Ubiquiti Inc. - 12 upvotes, $1500
  47. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $1000
  48. Open Redirect in unifi.ubnt.com [Controller Finder] to Ubiquiti Inc. - 11 upvotes, $260
  49. [scores.ubnt.com] DOM based XSS at form.html to Ubiquiti Inc. - 11 upvotes, $150
  50. Reflected File Download in community.ubnt.com/restapi/ to Ubiquiti Inc. - 11 upvotes, $150
  51. Stored XSS in unifi.ubnt.com to Ubiquiti Inc. - 11 upvotes, $125
  52. Bypass blocked profile protection on aircrm.ubnt.com to Ubiquiti Inc. - 11 upvotes, $100
  53. Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry to Ubiquiti Inc. - 11 upvotes, $0
  54. UniFi Video Server - Arbitrary file upload as SYSTEM to Ubiquiti Inc. - 10 upvotes, $1375
  55. [dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies to Ubiquiti Inc. - 10 upvotes, $500
  56. Reflected XSS in scores.ubnt.com to Ubiquiti Inc. - 10 upvotes, $275
  57. UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $250
  58. UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $250
  59. Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ to Ubiquiti Inc. - 9 upvotes, $150
  60. Stored XSS => community.ubnt.com to Ubiquiti Inc. - 9 upvotes, $150
  61. Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 to Ubiquiti Inc. - 9 upvotes, $150
  62. Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. to Ubiquiti Inc. - 9 upvotes, $100
  63. Expired SSL certificate to Ubiquiti Inc. - 9 upvotes, $100
  64. RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 8 upvotes, $6839
  65. Code Execution in restricted CLI of EdgeSwitch to Ubiquiti Inc. - 8 upvotes, $1500
  66. UniFi Video web interface Configuration Restore user privilege escalation to Ubiquiti Inc. - 8 upvotes, $1500
  67. UniFi Video Server - Broken access control on system configuration to Ubiquiti Inc. - 8 upvotes, $1000
  68. UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. to Ubiquiti Inc. - 8 upvotes, $667
  69. Unauthenticated request allows changing hostname to Ubiquiti Inc. - 8 upvotes, $550
  70. CSRF in login form would lead to account takeover to Ubiquiti Inc. - 8 upvotes, $500
  71. XSS on Nanostation Loco M2 Airmax to Ubiquiti Inc. - 8 upvotes, $500
  72. Unauthenticated Cross-Site Scripting in Web Management Console to Ubiquiti Inc. - 8 upvotes, $250
  73. account.ubnt.com CSRF to Ubiquiti Inc. - 8 upvotes, $200
  74. Reflected Xss in AirMax [Nanostation Loco M2] to Ubiquiti Inc. - 8 upvotes, $185
  75. XSS to Ubiquiti Inc. - 8 upvotes, $150
  76. Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header to Ubiquiti Inc. - 8 upvotes, $0
  77. XSS via SVG file to Ubiquiti Inc. - 8 upvotes, $0
  78. CRLF Injection on openvpn.svc.ubnt.com to Ubiquiti Inc. - 8 upvotes, $0
  79. Format String Vulnerability in the EdgeSwitch restricted CLI to Ubiquiti Inc. - 7 upvotes, $1500
  80. Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software. to Ubiquiti Inc. - 7 upvotes, $500
  81. XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi to Ubiquiti Inc. - 7 upvotes, $344
  82. HTML Injection on airlink.ubnt.com to Ubiquiti Inc. - 7 upvotes, $100
  83. 200 http code in 403 forbidden directories on main Ubnt.com domain to Ubiquiti Inc. - 7 upvotes, $0
  84. Camera adoption DoS - UniFi Protect to Ubiquiti Inc. - 6 upvotes, $1604
  85. Privilege Escalation with Session Hijacking Having a Non-privileged Valid User to Ubiquiti Inc. - 6 upvotes, $1000
  86. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $150
  87. UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass to Ubiquiti Inc. - 5 upvotes, $1000
  88. Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices to Ubiquiti Inc. - 4 upvotes, $594
  89. Security: Publicly accessible x.509 Public and Private Key of Ubiquiti Networks. to Ubiquiti Inc. - 4 upvotes, $0
  90. Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $1000
  91. Other Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 3 upvotes, $500
  92. UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs to Ubiquiti Inc. - 3 upvotes, $500
  93. Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $150
  94. Weak credentials for nutty.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
  95. Yet another Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $500
  96. Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $250
  97. AirFibre products vulnerable to HTTP Header injection to Ubiquiti Inc. - 2 upvotes, $150
  98. 3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290) to Ubiquiti Inc. - 1 upvotes, $950