First published: Thu Feb 09 2023
A vulnerability in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier, when DHCPv6 prefix delegation is set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to achieve remote code execution.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ui Usg Firmware | <4.4.57 | |
Ui Usg | | |
Ui Usg-pro-4 Firmware | <4.4.57 | |
Ui Usg-pro-4 | | |
Ui Er-10x Firmware | <2.0.9 | |
Ui Er-10x Firmware | =2.0.9 | |
Ui Er-10x Firmware | =2.0.9-hotfix2 | |
Ui Er-10x Firmware | =2.0.9-hotfix4 | |
Ui Er-10x Firmware | =2.0.9-hotfix5 | |
Ui Er-10x | | |
Ui Er-12 Firmware | <2.0.9 | |
Ui Er-12 Firmware | =2.0.9 | |
Ui Er-12 Firmware | =2.0.9-hotfix2 | |
Ui Er-12 Firmware | =2.0.9-hotfix4 | |
Ui Er-12 Firmware | =2.0.9-hotfix5 | |
Ui Er-12 | | |
Ui Er-12p Firmware | <2.0.9 | |
Ui Er-12p Firmware | =2.0.9 | |
Ui Er-12p Firmware | =2.0.9-hotfix2 | |
Ui Er-12p Firmware | =2.0.9-hotfix4 | |
Ui Er-12p Firmware | =2.0.9-hotfix5 | |
Ui Er-12p | | |
Ui Er-4 Firmware | <2.0.9 | |
Ui Er-4 Firmware | =2.0.9 | |
Ui Er-4 Firmware | =2.0.9-hotfix2 | |
Ui Er-4 Firmware | =2.0.9-hotfix4 | |
Ui Er-4 Firmware | =2.0.9-hotfix5 | |
Ui Er-4 | | |
Ui Er-6p Firmware | <2.0.9 | |
Ui Er-6p Firmware | =2.0.9 | |
Ui Er-6p Firmware | =2.0.9-hotfix2 | |
Ui Er-6p Firmware | =2.0.9-hotfix4 | |
Ui Er-6p Firmware | =2.0.9-hotfix5 | |
Ui Er-6p | | |
Ui Er-8-xg Firmware | <2.0.9 | |
Ui Er-8-xg Firmware | =2.0.9 | |
Ui Er-8-xg Firmware | =2.0.9-hotfix2 | |
Ui Er-8-xg Firmware | =2.0.9-hotfix4 | |
Ui Er-8-xg Firmware | =2.0.9-hotfix5 | |
Ui Er-8-xg | | |
Ui Er-x Firmware | <2.0.9 | |
Ui Er-x Firmware | =2.0.9 | |
Ui Er-x Firmware | =2.0.9-hotfix2 | |
Ui Er-x Firmware | =2.0.9-hotfix4 | |
Ui Er-x Firmware | =2.0.9-hotfix5 | |
Ui Er-x | | |
Ui Er-x-sfp Firmware | <2.0.9 | |
Ui Er-x-sfp Firmware | =2.0.9 | |
Ui Er-x-sfp Firmware | =2.0.9-hotfix2 | |
Ui Er-x-sfp Firmware | =2.0.9-hotfix4 | |
Ui Er-x-sfp Firmware | =2.0.9-hotfix5 | |
Ui Er-x-sfp | | |
CVE-2023-23912 is a vulnerability in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful. It allows a malicious actor directly connected to the WAN interface of an affected device to achieve remote code execution.
CVE-2023-23912 has a severity rating of 8.8, which is considered high.
To fix CVE-2023-23912, update your EdgeRouters to Version 2.0.9-hotfix.6 or later, or update your UniFi Security Gateways (USG) to Version 4.4.57 or later.
If you are using EdgeRouters Version 2.0.9-hotfix.5 or earlier, or UniFi Security Gateways (USG) Version 4.4.56 or earlier with DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, then your device is affected by CVE-2023-23912.
More information about CVE-2023-23912 is available in the security advisory bulletin published on community.ui.com: [Security Advisory Bulletin](https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f).