Command injection

2023-04-2815:15:00

PRIOn knowledge base

www.prio-n.com

ubiquiti edgerouter x

command injection

remote attack

web management interface

vulnerability

critical

nvd

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.

CPENameOperatorVersion
er-x-sfp_firmwarelt2.0.9
er-x-sfp_firmwareeq2.0.9 hotfix2
er-x-sfp_firmwareeq2.0.9 hotfix4
er-x-sfp_firmwareeq2.0.9 hotfix5
er-x-sfp_firmwareeq2.0.9
er-x-sfp_firmwareeq2.0.9 hotfix6
er-x-sfp_firmwareeq2.0.9 hotfix3
er-x_firmwarelt2.0.9
er-x_firmwareeq2.0.9 hotfix2
er-x_firmwareeq2.0.9 hotfix4

Name	Operator	Version
er-x-sfp_firmware	lt	2.0.9
er-x-sfp_firmware	eq	2.0.9 hotfix2
er-x-sfp_firmware	eq	2.0.9 hotfix4
er-x-sfp_firmware	eq	2.0.9 hotfix5
er-x-sfp_firmware	eq	2.0.9
er-x-sfp_firmware	eq	2.0.9 hotfix6
er-x-sfp_firmware	eq	2.0.9 hotfix3
er-x_firmware	lt	2.0.9
er-x_firmware	eq	2.0.9 hotfix2
er-x_firmware	eq	2.0.9 hotfix4