CVE-2023-2377

Published: Apr 28, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability.

Affected (13)

Products: Ui: Er X Firmware, Er X Sfp Firmware

2 products

Er X Firmware

Er X Sfp Firmware

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Firmware	Before 2.0.9
Ui Er X Firmware	Version 2.0.9
Ui Er X Firmware	Version 2.0.9 hotfix2
Ui Er X Firmware	Version 2.0.9 hotfix4
Ui Er X Firmware	Version 2.0.9 hotfix5
Ui Er X Firmware	Version 2.0.9 hotfix6

Running on/with	Platform Versions
Ui Er X	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Sfp Firmware	Before 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9 hotfix2
Ui Er X Sfp Firmware	Version 2.0.9 hotfix3
Ui Er X Sfp Firmware	Version 2.0.9 hotfix4
Ui Er X Sfp Firmware	Version 2.0.9 hotfix5
Ui Er X Sfp Firmware	Version 2.0.9 hotfix6