CVE-2023-2378
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
28/04/2023
Last modified:
17/05/2024
Description
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page