Skip to content

Latest commit

 

History

History
96 lines (92 loc) · 12.1 KB

TOPUBIQUITIINC.md

File metadata and controls

96 lines (92 loc) · 12.1 KB

Back

Top reports from Ubiquiti Inc. program at HackerOne:

  1. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - 526 upvotes, $16109
  2. Privilege-0 to Root Privilege Escalation on EdgeSwitch to Ubiquiti Inc. - 79 upvotes, $1604
  3. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 60 upvotes, $5000
  4. Public Jenkins instance with /script enabled to Ubiquiti Inc. - 60 upvotes, $2500
  5. Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry to Ubiquiti Inc. - 54 upvotes, $1000
  6. Login as root without password on EdgeSwitchX to Ubiquiti Inc. - 54 upvotes, $100
  7. Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 51 upvotes, $6000
  8. CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 47 upvotes, $500
  9. Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 44 upvotes, $500
  10. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 43 upvotes, $2750
  11. Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com to Ubiquiti Inc. - 33 upvotes, $2000
  12. sqli to Ubiquiti Inc. - 31 upvotes, $1000
  13. [dev-nightly.ubnt.com] Local File Reading to Ubiquiti Inc. - 31 upvotes, $100
  14. Firmware download/install vulnerable to CSRF to Ubiquiti Inc. - 30 upvotes, $1100
  15. [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users to Ubiquiti Inc. - 25 upvotes, $2000
  16. Source code disclosure on https://107.23.69.180 to Ubiquiti Inc. - 25 upvotes, $1000
  17. Directory traversal at https://nightly.ubnt.com to Ubiquiti Inc. - 22 upvotes, $500
  18. Privilege Escalation using API->Feature to Ubiquiti Inc. - 21 upvotes, $1500
  19. IDOR Causing Deletion of any account to Ubiquiti Inc. - 21 upvotes, $500
  20. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 20 upvotes, $1500
  21. UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise to Ubiquiti Inc. - 20 upvotes, $500
  22. Arbritrary file Upload on AirMax to Ubiquiti Inc. - 19 upvotes, $18000
  23. Stored XSS in community.ubnt.com to Ubiquiti Inc. - 19 upvotes, $500
  24. Shell Injection via Web Management Console (dl-fw.cgi) to Ubiquiti Inc. - 18 upvotes, $1300
  25. Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████) to Ubiquiti Inc. - 18 upvotes, $1250
  26. JetBrains .idea project directory to Ubiquiti Inc. - 18 upvotes, $200
  27. Read-Only user can execute arbitraty shell commands on AirOS to Ubiquiti Inc. - 17 upvotes, $1500
  28. Wordpress directories/files visible to internet to Ubiquiti Inc. - 17 upvotes, $600
  29. Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking to Ubiquiti Inc. - 16 upvotes, $1500
  30. Reflected XSS to Ubiquiti Inc. - 16 upvotes, $1000
  31. Subdomain Takeover (moderator.ubnt.com) to Ubiquiti Inc. - 16 upvotes, $500
  32. Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute to Ubiquiti Inc. - 16 upvotes, $250
  33. [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html to Ubiquiti Inc. - 16 upvotes, $100
  34. [account-global.ubnt.com] CRLF Injection to Ubiquiti Inc. - 15 upvotes, $150
  35. Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $600
  36. CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:' whitelist protection to Ubiquiti Inc. - 14 upvotes, $500
  37. EdgeSwitch Command Injection to Ubiquiti Inc. - 14 upvotes, $100
  38. UBNT Amplification DDOS Attack to Ubiquiti Inc. - 13 upvotes, $2500
  39. Subdomain Takeover in http://assets.goubiquiti.com/ to Ubiquiti Inc. - 13 upvotes, $500
  40. Two Factor Authentication Bypass to Ubiquiti Inc. - 13 upvotes, $500
  41. Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server to Ubiquiti Inc. - 12 upvotes, $1604
  42. Privilege escalation in the client impersonation functionality to Ubiquiti Inc. - 12 upvotes, $1500
  43. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $1000
  44. Open Redirect in unifi.ubnt.com [Controller Finder] to Ubiquiti Inc. - 11 upvotes, $260
  45. [scores.ubnt.com] DOM based XSS at form.html to Ubiquiti Inc. - 11 upvotes, $150
  46. Reflected File Download in community.ubnt.com/restapi/ to Ubiquiti Inc. - 11 upvotes, $150
  47. Stored XSS in unifi.ubnt.com to Ubiquiti Inc. - 11 upvotes, $125
  48. Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry to Ubiquiti Inc. - 11 upvotes, $0
  49. UniFi Video Server - Arbitrary file upload as SYSTEM to Ubiquiti Inc. - 10 upvotes, $1375
  50. [dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies to Ubiquiti Inc. - 10 upvotes, $500
  51. Reflected XSS in scores.ubnt.com to Ubiquiti Inc. - 10 upvotes, $275
  52. Bypass blocked profile protection on aircrm.ubnt.com to Ubiquiti Inc. - 10 upvotes, $100
  53. UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise to Ubiquiti Inc. - 9 upvotes, $250
  54. Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ to Ubiquiti Inc. - 9 upvotes, $150
  55. Stored XSS => community.ubnt.com to Ubiquiti Inc. - 9 upvotes, $150
  56. Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. to Ubiquiti Inc. - 9 upvotes, $100
  57. Code Execution in restricted CLI of EdgeSwitch to Ubiquiti Inc. - 8 upvotes, $1500
  58. UniFi Video Server - Broken access control on system configuration to Ubiquiti Inc. - 8 upvotes, $1000
  59. UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. to Ubiquiti Inc. - 8 upvotes, $667
  60. XSS on Nanostation Loco M2 Airmax to Ubiquiti Inc. - 8 upvotes, $500
  61. Unauthenticated Cross-Site Scripting in Web Management Console to Ubiquiti Inc. - 8 upvotes, $250
  62. UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise to Ubiquiti Inc. - 8 upvotes, $250
  63. Reflected Xss in AirMax [Nanostation Loco M2] to Ubiquiti Inc. - 8 upvotes, $185
  64. XSS to Ubiquiti Inc. - 8 upvotes, $150
  65. Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7 to Ubiquiti Inc. - 8 upvotes, $150
  66. Expired SSL certificate to Ubiquiti Inc. - 8 upvotes, $100
  67. Format String Vulnerability in the EdgeSwitch restricted CLI to Ubiquiti Inc. - 7 upvotes, $1500
  68. Unauthenticated request allows changing hostname to Ubiquiti Inc. - 7 upvotes, $550
  69. CSRF in login form would led to account takeover to Ubiquiti Inc. - 7 upvotes, $500
  70. Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software. to Ubiquiti Inc. - 7 upvotes, $500
  71. account.ubnt.com CSRF to Ubiquiti Inc. - 7 upvotes, $200
  72. HTML Injection on airlink.ubnt.com to Ubiquiti Inc. - 7 upvotes, $100
  73. Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header to Ubiquiti Inc. - 7 upvotes, $0
  74. CRLF Injection on openvpn.svc.ubnt.com to Ubiquiti Inc. - 7 upvotes, $0
  75. UniFi Video web interface Configuration Restore user privilege escalation to Ubiquiti Inc. - 6 upvotes, $1500
  76. Privilege Escalation with Session Hijacking Having a Non-privileged Valid User to Ubiquiti Inc. - 6 upvotes, $1000
  77. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $150
  78. XSS via SVG file to Ubiquiti Inc. - 6 upvotes, $0
  79. UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass to Ubiquiti Inc. - 4 upvotes, $1000
  80. 200 http code in 403 forbidden directories on main Ubnt.com domain to Ubiquiti Inc. - 4 upvotes, $0
  81. Security: Publicly accessible x.509 Public and Private Key of Ubiquiti Networks. to Ubiquiti Inc. - 4 upvotes, $0
  82. Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $1000
  83. Other Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 3 upvotes, $500
  84. UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs to Ubiquiti Inc. - 3 upvotes, $500
  85. Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $150
  86. Weak credentials for nutty.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
  87. Yet another Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $500
  88. Buffer Overflow in PHP of the AirMax Products to Ubiquiti Inc. - 2 upvotes, $250
  89. AirFibre products vulnerable to HTTP Header injection to Ubiquiti Inc. - 2 upvotes, $150

Back