A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.
References
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2023-05-11 22:15
Updated : 2025-01-27 17:15
NVD link : CVE-2023-28361
Mitre link : CVE-2023-28361
CVE.ORG link : CVE-2023-28361
JSON object : View
Products Affected
uni
- cloud_key_gen2_plus
- cloud_key_gen2
- unifi_os
- ubiquiti_networks_unifi_dream_machine
- unifi_dream_router
- unifi_protect_network_video_recorder
- ubiquiti_networks_unifi_dream_machine_professional
- unifi_protect_network_video_recorder_professional
- ubiquiti_networks_unifi_dream_machine_se
CWE
CWE-352
Cross-Site Request Forgery (CSRF)