What is the title of CVE-2023-2378?

The title of CVE-2023-2378 is Ubiquiti EdgeRouter X Web Management Interface command injection.

What is the severity of CVE-2023-2378?

The severity of CVE-2023-2378 is rated as high (8.8).

What is affected by CVE-2023-2378?

The Web Management Interface component of Ubiquiti EdgeRouter X up to version 2.0.9-hotfix.6 is affected by CVE-2023-2378.

How can CVE-2023-2378 be exploited?

CVE-2023-2378 can be exploited through command injection by manipulating the argument suffix-rate-up.

Are there any known fixes for CVE-2023-2378?

No specific fix information is provided for CVE-2023-2378. It is recommended to apply the latest updates from the vendor.

Vulnerability/
CVE-2023-2378

high

8.8

CWE

28/4/2023

2/8/2024

CVE-2023-2378: Ubiquiti EdgeRouter X Web Management Interface command injection

First published: Fri Apr 28 2023(Updated: )

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
Ui Er-x Firmware	<2.0.9
Ui Er-x Firmware	=2.0.9
Ui Er-x Firmware	=2.0.9-hotfix2
Ui Er-x Firmware	=2.0.9-hotfix3
Ui Er-x Firmware	=2.0.9-hotfix4
Ui Er-x Firmware	=2.0.9-hotfix5
Ui Er-x Firmware	=2.0.9-hotfix6
Ui Er-x
Ui Er-x-sfp Firmware	<2.0.9
Ui Er-x-sfp Firmware	=2.0.9
Ui Er-x-sfp Firmware	=2.0.9-hotfix2
Ui Er-x-sfp Firmware	=2.0.9-hotfix3
Ui Er-x-sfp Firmware	=2.0.9-hotfix4
Ui Er-x-sfp Firmware	=2.0.9-hotfix5
Ui Er-x-sfp Firmware	=2.0.9-hotfix6
Ui Er-x-sfp
All of
Any of
	<2.0.9
	=2.0.9
	=2.0.9-hotfix2
	=2.0.9-hotfix3
	=2.0.9-hotfix4
	=2.0.9-hotfix5
	=2.0.9-hotfix6

All of
Any of
	<2.0.9
	=2.0.9
	=2.0.9-hotfix2
	=2.0.9-hotfix3
	=2.0.9-hotfix4
	=2.0.9-hotfix5
	=2.0.9-hotfix6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the title of CVE-2023-2378?
The title of CVE-2023-2378 is Ubiquiti EdgeRouter X Web Management Interface command injection.
What is the severity of CVE-2023-2378?
The severity of CVE-2023-2378 is rated as high (8.8).
What is affected by CVE-2023-2378?
The Web Management Interface component of Ubiquiti EdgeRouter X up to version 2.0.9-hotfix.6 is affected by CVE-2023-2378.
How can CVE-2023-2378 be exploited?
CVE-2023-2378 can be exploited through command injection by manipulating the argument suffix-rate-up.
Are there any known fixes for CVE-2023-2378?
No specific fix information is provided for CVE-2023-2378. It is recommended to apply the latest updates from the vendor.

collector/nvd-index
agent/type
agent/first-publish-date
agent/author
agent/weakness
agent/references
agent/severity
agent/title
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/ui
canonical/ui er-x firmware
version/ui er-x firmware/2.0.9
version/ui er-x firmware/2.0.9-hotfix2
version/ui er-x firmware/2.0.9-hotfix3
version/ui er-x firmware/2.0.9-hotfix4
version/ui er-x firmware/2.0.9-hotfix5
version/ui er-x firmware/2.0.9-hotfix6
canonical/ui er-x
canonical/ui er-x-sfp firmware
version/ui er-x-sfp firmware/2.0.9
version/ui er-x-sfp firmware/2.0.9-hotfix2
version/ui er-x-sfp firmware/2.0.9-hotfix3
version/ui er-x-sfp firmware/2.0.9-hotfix4
version/ui er-x-sfp firmware/2.0.9-hotfix5
version/ui er-x-sfp firmware/2.0.9-hotfix6
canonical/ui er-x-sfp