• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

Ubiquiti UniFi Shield Digital camera Vulnerability Permits Distant Code Execution by Attackers

Admin by Admin
May 9, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Important safety vulnerabilities in Ubiquiti’s UniFi Shield surveillance ecosystem-one rated the utmost severity rating of 10.0-could enable attackers to hijack cameras, execute malicious code remotely, and preserve unauthorized entry to video feeds.

The issues, disclosed on Could 6, 2025, have an effect on the UniFi Shield Cameras firmware and the UniFi Shield Software, exposing enterprise and residential surveillance methods to exploitation.

Safety researchers have urged rapid patching to mitigate dangers of community compromise and privateness breaches.

– Commercial –
Google News

Probably the most extreme vulnerability, tracked as CVE-2025-23123, stems from a heap buffer overflow within the firmware of UniFi Shield Cameras (variations 4.75.43 and earlier).

Attackers with entry to the administration community can exploit this flaw to set off distant code execution (RCE), granting full management over affected units.

The vulnerability’s CVSS v3.0 rating of 10.0 displays its criticality, with the assault vector categorized as network-based (AV:N), requiring no consumer interplay or privileges (PR:N/UI:N).

Heap buffer overflows happen when a program writes knowledge past the allotted reminiscence house, corrupting adjoining knowledge buildings.

On this case, malformed community packets despatched to the digital camera’s administration interface overwhelm the buffer, enabling attackers to overwrite vital reminiscence addresses.

Profitable exploitation may enable deployment of malware, manipulation of video feeds, or lateral motion throughout linked networks.

The flaw’s “excessive” impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) underscore its potential to disrupt bodily safety infrastructure.

Researcher Mathew Marcus, credited with discovering the vulnerability, emphasised that unpatched cameras in company or vital infrastructure environments may function entry factors for ransomware assaults or espionage.

Ubiquiti has not disclosed whether or not energetic exploitation has been noticed, however the absence of exploit complexity (AC:L) suggests low obstacles for risk actors.

Misconfigured Livestream Sharing Tokens

A secondary vulnerability, CVE-2025-23164 (CVSS 4.4), impacts the UniFi Shield Software (variations 5.3.41 and earlier).

The flaw resides within the “Share Livestream” function, which generates time-limited entry hyperlinks for exterior customers.

On account of a misconfigured token revocation mechanism, recipients of disabled hyperlinks retain entry to livestreams indefinitely.

Whereas much less extreme than the RCE flaw, this oversight creates persistent privateness dangers, notably for organizations sharing delicate footage.

The assault vector requires preliminary entry to a official livestream hyperlink (PR:H) and hinges on Ubiquiti’s failure to invalidate tokens upon hyperlink deactivation.

Although the complexity is excessive (AC:H), profitable exploitation permits unauthorized events to watch video feeds covertly.

Researcher Mike S Schonert famous that risk actors may mix this flaw with social engineering ways to reap legitimate hyperlinks, amplifying the danger of knowledge leaks.

Not like the network-wide implications of CVE-2025-23123, this vulnerability’s scope is proscribed to compromised livestreams (S:U).

Nevertheless, industries like healthcare or education-where video feeds usually comprise delicate private data-face heightened publicity.

Ubiquiti’s advisory confirms that the flaw doesn’t allow entry to historic footage or different system parts, mitigating its broader impression.

Mitigation and Vendor Response

Ubiquiti has launched firmware updates to deal with each vulnerabilities. UniFi Shield Cameras have to be upgraded to model 4.75.62 or later to resolve CVE-2025-23123, whereas the UniFi Shield Software requires model 5.3.45 or newer to repair CVE-2025-23164.

The patches, distributed through Ubiquiti’s auto-update mechanism, modify reminiscence administration routines within the digital camera firmware and introduce strict token expiration protocols within the Shield Software.

Organizations unable to use rapid updates ought to phase surveillance networks from vital infrastructure, prohibit administration interface entry, and audit energetic livestream hyperlinks.

Ubiquiti has additionally really helpful disabling the “Share Livestream” function till patches are deployed, although this may occasionally hinder collaboration in safety operations facilities.

Whereas no workarounds exist for the RCE vulnerability, its exploitation requires proximity to the administration community.

Enterprises ought to implement zero-trust ideas, requiring multi-factor authentication for community entry and monitoring for anomalous visitors patterns.

The staggered disclosure timeline-with fixes launched concurrently with advisories-highlights the coordinated effort between Ubiquiti and exterior researchers to attenuate publicity home windows.

As surveillance methods more and more combine with IoT ecosystems, these vulnerabilities underscore the significance of firmware hygiene.

With over 1.2 million UniFi Shield units deployed globally, well timed patching stays the simplest protection in opposition to weaponized exploits concentrating on bodily and digital safety infrastructures.

Tags: AttackersCameraCodeExecutionprotectRemoteUbiquitiUnifiVulnerability
Admin

Admin

Next Post
Most Iconic JoJo’s Weird Journey Poses

Most Iconic JoJo's Weird Journey Poses

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

May 17, 2025
Reconeyez Launches New Web site | SDM Journal

Reconeyez Launches New Web site | SDM Journal

May 15, 2025
Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

May 18, 2025
Flip Your Toilet Right into a Good Oasis

Flip Your Toilet Right into a Good Oasis

May 15, 2025
Apollo joins the Works With House Assistant Program

Apollo joins the Works With House Assistant Program

May 17, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

How authorities cyber cuts will have an effect on you and your enterprise

How authorities cyber cuts will have an effect on you and your enterprise

July 9, 2025
Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

July 9, 2025
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved