CVE-2023-2374

Published: Apr 28, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.

Affected (13)

Products: Ui: Er X Firmware, Er X Sfp Firmware

2 products

Er X Firmware

Er X Sfp Firmware

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Firmware	Before 2.0.9
Ui Er X Firmware	Version 2.0.9
Ui Er X Firmware	Version 2.0.9 hotfix2
Ui Er X Firmware	Version 2.0.9 hotfix3
Ui Er X Firmware	Version 2.0.9 hotfix4
Ui Er X Firmware	Version 2.0.9 hotfix5
Ui Er X Firmware	Version 2.0.9 hotfix6

Running on/with	Platform Versions
Ui Er X	All versions

Configuration B

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Sfp Firmware	Before 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9 hotfix2
Ui Er X Sfp Firmware	Version 2.0.9 hotfix4
Ui Er X Sfp Firmware	Version 2.0.9 hotfix5
Ui Er X Sfp Firmware	Version 2.0.9 hotfix6