CVE-2023-2375: Ubiquiti EdgeRouter X Web Management Interface command injection
First published: Fri Apr 28 2023(Updated: )
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix3 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp | ||
| All of | ||
| Any of | ||
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix3 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| All of | ||
| Any of | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-2375?
The severity of CVE-2023-2375 is high with a severity value of 8.8.
How does CVE-2023-2375 affect Ubiquiti EdgeRouter X?
CVE-2023-2375 affects Ubiquiti EdgeRouter X up to version 2.0.9-hotfix.6.
What is the vulnerability description of CVE-2023-2375?
CVE-2023-2375 is a critical vulnerability in the Web Management Interface of Ubiquiti EdgeRouter X that allows remote command injection.
How can I fix CVE-2023-2375?
To fix CVE-2023-2375, upgrade your Ubiquiti EdgeRouter X firmware to version 2.0.9-hotfix.7 or later.
Where can I find more information about CVE-2023-2375?
You can find more information about CVE-2023-2375 at the following references: [link1], [link2].
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/ui
- canonical/ui er-x firmware
- version/ui er-x firmware/2.0.9
- version/ui er-x firmware/2.0.9-hotfix2
- version/ui er-x firmware/2.0.9-hotfix3
- version/ui er-x firmware/2.0.9-hotfix4
- version/ui er-x firmware/2.0.9-hotfix5
- version/ui er-x firmware/2.0.9-hotfix6
- canonical/ui er-x
- canonical/ui er-x-sfp firmware
- version/ui er-x-sfp firmware/2.0.9
- version/ui er-x-sfp firmware/2.0.9-hotfix2
- version/ui er-x-sfp firmware/2.0.9-hotfix3
- version/ui er-x-sfp firmware/2.0.9-hotfix4
- version/ui er-x-sfp firmware/2.0.9-hotfix5
- version/ui er-x-sfp firmware/2.0.9-hotfix6
- canonical/ui er-x-sfp