CVE-2023-2376

Summary

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.

Affected Software

VendorProductVersion RangeStatus
UbiquitiEdgeRouter X2.0.9-hotfix.0affected
UbiquitiEdgeRouter X2.0.9-hotfix.1affected
UbiquitiEdgeRouter X2.0.9-hotfix.2affected
UbiquitiEdgeRouter X2.0.9-hotfix.3affected
UbiquitiEdgeRouter X2.0.9-hotfix.4affected
UbiquitiEdgeRouter X2.0.9-hotfix.5affected
UbiquitiEdgeRouter X2.0.9-hotfix.6affected

Weaknesses

  • CWE-77: CWE-77 Command Injection

ADP Enrichment

CVE Program Container

Additional References

References