Remote code execution

2023-02-0920:15:00

PRIOn knowledge base

www.prio-n.com

remote code execution

edgerouters

usg

dhcpv6

vulnerability

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

CPENameOperatorVersion
er-10x_firmwarelt2.0.9
er-10x_firmwareeq2.0.9 hotfix2
er-10x_firmwareeq2.0.9 hotfix4
er-10x_firmwareeq2.0.9 hotfix5
er-10x_firmwareeq2.0.9
er-12_firmwarelt2.0.9
er-12_firmwareeq2.0.9 hotfix2
er-12_firmwareeq2.0.9 hotfix4
er-12_firmwareeq2.0.9 hotfix5
er-12_firmwareeq2.0.9

Name	Operator	Version
er-10x_firmware	lt	2.0.9
er-10x_firmware	eq	2.0.9 hotfix2
er-10x_firmware	eq	2.0.9 hotfix4
er-10x_firmware	eq	2.0.9 hotfix5
er-10x_firmware	eq	2.0.9
er-12_firmware	lt	2.0.9
er-12_firmware	eq	2.0.9 hotfix2
er-12_firmware	eq	2.0.9 hotfix4
er-12_firmware	eq	2.0.9 hotfix5
er-12_firmware	eq	2.0.9