Ubiquiti EdgeRouter X Web Management Interface command injection
CVE-2023-2375

8.8HIGH

Key Information:

Vendor: Ubiquiti
Status: EdgeRouter X
Vendor: CVE Published:; 28 April 2023

🔔 Create Ubiquiti Vulnerability Alert

What is CVE-2023-2375?

A command injection vulnerability has been identified in Ubiquiti EdgeRouter X, specifically affecting the Web Management Interface. This vulnerability allows an attacker to manipulate the 'src' argument, potentially executing unauthorized commands remotely. As this exploit has been made public, immediate steps should be taken to address this issue in the affected versions.

Affected Version(s)

EdgeRouter X 2.0.9-hotfix.0

EdgeRouter X 2.0.9-hotfix.1

EdgeRouter X 2.0.9-hotfix.2

References

https://vuldb.com/?id.227651

vdb-entrytechnical-description

https://vuldb.com/?ctiid.227651

signaturepermissions-required

https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7

broken-linkexploit

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2023
Vulnerability Reserved
Apr 28, 2023

Credit

leetmoon (VulDB User)

.