CVE-2023-2378

Published: Apr 28, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.

Affected (14)

Products: Ui: Er X Firmware, Er X Sfp Firmware

2 products

Er X Firmware

Er X Sfp Firmware

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Firmware	Before 2.0.9
Ui Er X Firmware	Version 2.0.9
Ui Er X Firmware	Version 2.0.9 hotfix2
Ui Er X Firmware	Version 2.0.9 hotfix3
Ui Er X Firmware	Version 2.0.9 hotfix4
Ui Er X Firmware	Version 2.0.9 hotfix5
Ui Er X Firmware	Version 2.0.9 hotfix6

Running on/with	Platform Versions
Ui Er X	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Er X Sfp Firmware	Before 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9
Ui Er X Sfp Firmware	Version 2.0.9 hotfix2
Ui Er X Sfp Firmware	Version 2.0.9 hotfix3
Ui Er X Sfp Firmware	Version 2.0.9 hotfix4
Ui Er X Sfp Firmware	Version 2.0.9 hotfix5
Ui Er X Sfp Firmware	Version 2.0.9 hotfix6