Command injection

2023-04-2815:15:00

PRIOn knowledge base

www.prio-n.com

ubiquiti edgerouter x

vulnerability

command injection

web management interface

remote attack

exploit

public disclosure

vdb-227650

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
er-x-sfp_firmwarelt2.0.9
er-x-sfp_firmwareeq2.0.9 hotfix2
er-x-sfp_firmwareeq2.0.9 hotfix4
er-x-sfp_firmwareeq2.0.9 hotfix5
er-x-sfp_firmwareeq2.0.9
er-x-sfp_firmwareeq2.0.9 hotfix6
er-x_firmwarelt2.0.9
er-x_firmwareeq2.0.9 hotfix2
er-x_firmwareeq2.0.9 hotfix4
er-x_firmwareeq2.0.9 hotfix5

Name	Operator	Version
er-x-sfp_firmware	lt	2.0.9
er-x-sfp_firmware	eq	2.0.9 hotfix2
er-x-sfp_firmware	eq	2.0.9 hotfix4
er-x-sfp_firmware	eq	2.0.9 hotfix5
er-x-sfp_firmware	eq	2.0.9
er-x-sfp_firmware	eq	2.0.9 hotfix6
er-x_firmware	lt	2.0.9
er-x_firmware	eq	2.0.9 hotfix2
er-x_firmware	eq	2.0.9 hotfix4
er-x_firmware	eq	2.0.9 hotfix5