CVE-2023-2376

MEDIUM

Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection

Title source: llm
STIX 2.1

Description

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.227652
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.227652
Exploit, Third Party Advisory broken-link exploit
https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8

Scores

CVSS v3 6.3
EPSS 0.0431
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-77
Status published
Products (4)
ui/er-x-sfp_firmware 2.0.9 (6 CPE variants)
ui/er-x-sfp_firmware < 2.0.9
ui/er-x_firmware 2.0.9 (6 CPE variants)
ui/er-x_firmware < 2.0.9
Published Apr 28, 2023
Tracked Since Feb 18, 2026