CVE-2023-2375

🗓️ 28 Apr 2023 15:00:07Reported by VulDBType

Vulnerability in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6, allows remote command injection (CVE-2023-2375

Reporter	Title	Published	Views	Family All 10
GithubExploit	Exploit for Command Injection in Ui Er-X_Firmware	2 Jul 202423:50	–	githubexploit
Circl	CVE-2023-2375	28 Apr 202318:27	–	circl
CNNVD	Ubiquiti EdgeRouter 命令注入漏洞	28 Apr 202300:00	–	cnnvd
Cvelist	CVE-2023-2375 Ubiquiti EdgeRouter X Web Management Interface command injection	28 Apr 202315:00	–	cvelist
EUVD	EUVD-2023-33865	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2375	28 Apr 202315:15	–	nvd
OSV	CVE-2023-2375	28 Apr 202315:15	–	osv
Prion	Command injection	28 Apr 202315:15	–	prion
Positive Technologies	PT-2023-19174 · Ubiquiti · Ubiquiti Edgerouter X	28 Apr 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2375	23 May 202501:48	–	redhatcve

NVD

Vulners

Node

ui er-x_firmwareRange<2.0.9

ui er-x_firmwareMatch2.0.9-

ui er-x_firmwareMatch2.0.9hotfix2

ui er-x_firmwareMatch2.0.9hotfix3

ui er-x_firmwareMatch2.0.9hotfix4

ui er-x_firmwareMatch2.0.9hotfix5

ui er-x_firmwareMatch2.0.9hotfix6

AND

ui er-xMatch-

Node

ui er-x-sfp_firmwareRange<2.0.9

ui er-x-sfp_firmwareMatch2.0.9-

ui er-x-sfp_firmwareMatch2.0.9hotfix2

ui er-x-sfp_firmwareMatch2.0.9hotfix3

ui er-x-sfp_firmwareMatch2.0.9hotfix4

ui er-x-sfp_firmwareMatch2.0.9hotfix5

ui er-x-sfp_firmwareMatch2.0.9hotfix6

AND

ui er-x-sfpMatch-

[
  {
    "vendor": "Ubiquiti",
    "product": "EdgeRouter X",
    "versions": [
      {
        "version": "2.0.9-hotfix.0",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.1",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.2",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.3",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.4",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.5",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.6",
        "status": "affected"
      }
    ],
    "modules": [
      "Web Management Interface"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7
vuldb	www.vuldb.com/

21 Nov 2024 07:58Current

7.9High risk

Vulners AI Score7.9

CVSS 3.16.3 - 8.8

CVSS 26.5

CVSS 36.3

EPSS0.07596

CWE-77

vulnerability ubiquiti edgerouter x command injection cve-2023-2375 remote attack web management interface