CVE-2023-2376

Published: Apr 28, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.

Affected (14)

Products: Ui: Er X Firmware, Er X Sfp Firmware

2 products

Er X Firmware

Er X Sfp Firmware

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Firmware	Before 2.0.9
Ui Er X Firmware	Version 2.0.9
Ui Er X Firmware	Version 2.0.9 hotfix2
Ui Er X Firmware	Version 2.0.9 hotfix3
Ui Er X Firmware	Version 2.0.9 hotfix4
Ui Er X Firmware	Version 2.0.9 hotfix5
Ui Er X Firmware	Version 2.0.9 hotfix6

Running on/with	Platform Versions
Ui Er X	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Sfp Firmware	Before 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9 hotfix2
Ui Er X Sfp Firmware	Version 2.0.9 hotfix3
Ui Er X Sfp Firmware	Version 2.0.9 hotfix4
Ui Er X Sfp Firmware	Version 2.0.9 hotfix5
Ui Er X Sfp Firmware	Version 2.0.9 hotfix6