CVE-2023-2377: Ubiquiti EdgeRouter X Web Management Interface command injection
First published: Fri Apr 28 2023(Updated: )
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp | ||
| All of | ||
| Any of | ||
| Ui Er-x Firmware | <2.0.9 | |
| Ui Er-x Firmware | =2.0.9 | |
| Ui Er-x Firmware | =2.0.9-hotfix2 | |
| Ui Er-x Firmware | =2.0.9-hotfix4 | |
| Ui Er-x Firmware | =2.0.9-hotfix5 | |
| Ui Er-x Firmware | =2.0.9-hotfix6 | |
| Ui Er-x | ||
| All of | ||
| Any of | ||
| Ui Er-x-sfp Firmware | <2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix3 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
| Ui Er-x-sfp Firmware | =2.0.9-hotfix6 | |
| Ui Er-x-sfp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-2377?
The severity of CVE-2023-2377 is high with a severity value of 8.8.
What component is affected by CVE-2023-2377?
The Web Management Interface component is affected by CVE-2023-2377.
How can CVE-2023-2377 be exploited?
CVE-2023-2377 can be exploited through command injection by manipulating the argument name.
Which versions of Ubiquiti EdgeRouter X are affected by CVE-2023-2377?
Ubiquiti EdgeRouter X up to version 2.0.9-hotfix.6 are affected by CVE-2023-2377.
How can I fix CVE-2023-2377?
Update your Ubiquiti EdgeRouter X firmware to a version higher than 2.0.9-hotfix.6 to fix CVE-2023-2377.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/ui
- canonical/ui er-x firmware
- version/ui er-x firmware/2.0.9
- version/ui er-x firmware/2.0.9-hotfix2
- version/ui er-x firmware/2.0.9-hotfix4
- version/ui er-x firmware/2.0.9-hotfix5
- version/ui er-x firmware/2.0.9-hotfix6
- canonical/ui er-x
- canonical/ui er-x-sfp firmware
- version/ui er-x-sfp firmware/2.0.9
- version/ui er-x-sfp firmware/2.0.9-hotfix2
- version/ui er-x-sfp firmware/2.0.9-hotfix3
- version/ui er-x-sfp firmware/2.0.9-hotfix4
- version/ui er-x-sfp firmware/2.0.9-hotfix5
- version/ui er-x-sfp firmware/2.0.9-hotfix6
- canonical/ui er-x-sfp