CVE-2023-2375

Published: Apr 28, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.

Affected (14)

Products: Ui: Er X Firmware, Er X Sfp Firmware

2 products

Er X Firmware

Er X Sfp Firmware

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Firmware	Before 2.0.9
Ui Er X Firmware	Version 2.0.9
Ui Er X Firmware	Version 2.0.9 hotfix2
Ui Er X Firmware	Version 2.0.9 hotfix3
Ui Er X Firmware	Version 2.0.9 hotfix4
Ui Er X Firmware	Version 2.0.9 hotfix5
Ui Er X Firmware	Version 2.0.9 hotfix6

Running on/with	Platform Versions
Ui Er X	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Sfp Firmware	Before 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9 hotfix2
Ui Er X Sfp Firmware	Version 2.0.9 hotfix3
Ui Er X Sfp Firmware	Version 2.0.9 hotfix4
Ui Er X Sfp Firmware	Version 2.0.9 hotfix5
Ui Er X Sfp Firmware	Version 2.0.9 hotfix6