CVE-2023-23912
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/02/2023
Last modified:
24/03/2025
Description
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:* | 4.4.57 (excluding) | |
| cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:* | 4.4.57 (excluding) | |
| cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page