CVE-2023-23912
HIGH
Ubiquiti EdgeRouter and UniFi Security Gateway - WAN Remote Code Execution
Title source: manual
Description
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
References (1)
Core 1
Core References
Exploit, Patch, Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f
Scores
CVSS v3
8.8
EPSS
0.0089
EPSS Percentile
54.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-75
CWE-94
Status
published
Products (18)
ui/er-10x_firmware
2.0.9 (4 CPE variants)
ui/er-10x_firmware
< 2.0.9
ui/er-12_firmware
2.0.9 (4 CPE variants)
ui/er-12_firmware
< 2.0.9
ui/er-12p_firmware
2.0.9 (4 CPE variants)
ui/er-12p_firmware
< 2.0.9
ui/er-4_firmware
2.0.9 (4 CPE variants)
ui/er-4_firmware
< 2.0.9
ui/er-6p_firmware
2.0.9 (4 CPE variants)
ui/er-6p_firmware
< 2.0.9
... and 8 more
Published
Feb 09, 2023
Tracked Since
Feb 18, 2026