Vulnerabilities > CVE-2023-2378 - Unspecified vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-04-28

Updated: 2024-11-21

Summary

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Ui UI ER X Firmware - UI ER X Firmware 2.0.0 UI ER X Firmware 2.0.1 UI ER X Firmware 2.0.2 UI ER X Firmware 2.0.3 UI ER X Firmware 2.0.9 UI ER X SFP Firmware - UI ER X SFP Firmware 2.0.0 UI ER X SFP Firmware 2.0.1 UI ER X SFP Firmware 2.0.2 UI ER X SFP Firmware 2.0.3 UI ER X SFP Firmware 2.0.9	22
Hardware	Ui UI ER X - UI ER X SFP -	2

Summary

Vulnerable Configurations

References