Public Ubiquiti Networks bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
| --- | --- | --- |
| Ubiquiti Networks | - | CRLF Injection on openvpn.svc.ubnt.com |
| Ubiquiti Networks | $100 | HTML Injection on airlink.ubnt.com |
| Ubiquiti Networks | $100 | Expired SSL certificate |
| Ubiquiti Networks | - | 200 http code in 403 forbidden directories on main Ubnt.com domain |
| Ubiquiti Networks | $150 | XSS |
| Ubiquiti Networks | $500 | [dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies |
| Ubiquiti Networks | $6,000 | Ability to log in as any user without authentication if █████████ is empty |
| Ubiquiti Networks | - | XSS via SVG file |
| Ubiquiti Networks | - | Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry |
| Ubiquiti Networks | $100 | Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter. |
| Ubiquiti Networks | $1,000 | sqli |
| Ubiquiti Networks | - | Weak credentials for nutty.ubnt.com |
| Ubiquiti Networks | $150 | AirFibre products vulnerable to HTTP Header injection |
| Ubiquiti Networks | - | Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header |
| Ubiquiti Networks | $600 | Wordpress directories/files visible to internet |
| Ubiquiti Networks | $150 | Can upload files without authentication on AirFibre 3.2 |
| Ubiquiti Networks | $100 | [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html |
| Ubiquiti Networks | $2,000 | [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users |
| Ubiquiti Networks | $500 | Subdomain Takeover (moderator.ubnt.com) |
| Ubiquiti Networks | $500 | Stored XSS in community.ubnt.com |
| Ubiquiti Networks | $500 | Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com |
| Ubiquiti Networks | $150 | [scores.ubnt.com] DOM based XSS at form.html |
| Ubiquiti Networks | $500 | IDOR Causing Deletion of any account |
| Ubiquiti Networks | $185 | Reflected Xss in AirMax [Nanostation Loco M2] |
| Ubiquiti Networks | $1,000 | Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry |
| Ubiquiti Networks | $150 | [account-global.ubnt.com] CRLF Injection |
| Ubiquiti Networks | $125 | Stored XSS in unifi.ubnt.com |
| Ubiquiti Networks | $260 | Open Redirect in unifi.ubnt.com [Controller Finder] |
| Ubiquiti Networks | $2,750 | Read-Only user can execute arbitrary shell commands on AirOS |
| Ubiquiti Networks | $1,000 | Source code disclosure on https://107.23.69.180 |
| Ubiquiti Networks | $275 | Reflected XSS in scores.ubnt.com |
| Ubiquiti Networks | $1,500 | Read-Only user can execute arbitrary shell commands on AirOS |
| Ubiquiti Networks | $1,300 | Shell Injection via Web Management Console (dl-fw.cgi) |
| Ubiquiti Networks | $1,500 | Read-Only user can execute arbitrary shell commands on AirOS |
| Ubiquiti Networks | $1,000 | Auth bypass on directory.corp.ubnt.com |
| Ubiquiti Networks | $500 | Subdomain Takeover in http://assets.goubiquiti.com/ |
| Ubiquiti Networks | $150 | Reflected File Download in community.ubnt.com/restapi/ |
| Ubiquiti Networks | $200 | account.ubnt.com CSRF |
| Ubiquiti Networks | $500 | Yet another Buffer Overflow in PHP of the AirMax Products |
| Ubiquiti Networks | $500 | Other Buffer Overflow in PHP of the AirMax Products |
| Ubiquiti Networks | $250 | Buffer Overflow in PHP of the AirMax Products |
| Ubiquiti Networks | $18,000 | Arbitrary file Upload on AirMax |
| Ubiquiti Networks | $500 | UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass |
| Ubiquiti Networks | $500 | CSRF in login form would lead to account takeover |