CVE-2023-2376: Ubiquiti EdgeRouter X Web Management Interface command injection
First published: Fri Apr 28 2023(Updated: )
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix3 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp | ||
| All of | ||
| Any of | ||
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix3 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| All of | ||
| Any of | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-2376?
CVE-2023-2376 is a vulnerability found in Ubiquiti EdgeRouter X web management interface, allowing remote command injection.
What is the severity of CVE-2023-2376?
CVE-2023-2376 has a severity rating of 8.8 (high).
How does CVE-2023-2376 affect Ubiquiti EdgeRouter X firmware?
CVE-2023-2376 affects Ubiquiti EdgeRouter X firmware up to version 2.0.9-hotfix.6.
How can I fix the CVE-2023-2376 vulnerability?
To fix the CVE-2023-2376 vulnerability, it is recommended to update the Ubiquiti EdgeRouter X firmware to version 2.0.9-hotfix.6 or higher.
Where can I find more information about CVE-2023-2376?
You can find more information about CVE-2023-2376 at the following references: [link 1](https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8), [link 2](https://vuldb.com/?ctiid.227652), [link 3](https://vuldb.com/?id.227652)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/ui
- canonical/ui er-x firmware
- version/ui er-x firmware/2.0.9
- version/ui er-x firmware/2.0.9-hotfix2
- version/ui er-x firmware/2.0.9-hotfix3
- version/ui er-x firmware/2.0.9-hotfix4
- version/ui er-x firmware/2.0.9-hotfix5
- version/ui er-x firmware/2.0.9-hotfix6
- canonical/ui er-x
- canonical/ui er-x-sfp firmware
- version/ui er-x-sfp firmware/2.0.9
- version/ui er-x-sfp firmware/2.0.9-hotfix2
- version/ui er-x-sfp firmware/2.0.9-hotfix3
- version/ui er-x-sfp firmware/2.0.9-hotfix4
- version/ui er-x-sfp firmware/2.0.9-hotfix5
- version/ui er-x-sfp firmware/2.0.9-hotfix6
- canonical/ui er-x-sfp