CVE-2020-8144

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-8144

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8144.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-8144

Published

2020-04-01T23:15:13.813Z

Modified

2025-11-20T11:31:04.401491Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer.

References

https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e

Affected packages

Git / github.com/pducharme/unifi-video-controller

Affected ranges

Type: GIT
Repo: https://github.com/pducharme/unifi-video-controller
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b54a4989294ddd051b8ea6969648381c69172612

Affected versions

3.*

3.9.0

3.9.2

3.9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8144.json"