CVE-2023-1457

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the...

Command injection

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

Command injection

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the...

CVE-2023-1458

CVE-2023-1458 concerns Ubiquiti EdgeRouter X (2.0.9-hotfix.6). The issue resides in the OSPF Handler component, where manipulation of the argument area can cause remote command injection. Multiple sources confirm the vulnerability exists for EdgeRouter X and that exploitation could be remote, wit...

CVE-2023-1458

A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The...

CVE-2023-1457

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the...

CVE-2023-1456

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

Ubiquiti EdgeRouter 命令注入漏洞

Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, which stems from the presence of an unknown function in the component OSPF Handler, which leads to command injection via the parameter areaa...

PT-2023-7473 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execut...

CVE-2023-1456

CVE-2023-1456 affects Ubiquiti EdgeRouter X firmware 2.0.9-hotfix.6. The root cause is insufficient input validation in the NAT Configuration Handler, enabling remote command injection. Several sources confirm a remote exploit possibility; exploitation status is not uniformly characterized, but P...

CVE-2023-1457

CVE-2023-1457 affects Ubiquiti EdgeRouter X 2.0.9-hotfix.6. The vulnerability is in the Static Routing Configuration Handler, where manipulating the next-hop-interface argument leads to command injection. It can be exploited remotely; some sources note the public exploit and dispute the vulnerabi...

PT-2023-7474 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: A critical issue has been found in the OSPF Handler component of the software, potentially allowing for command injection through the manipulation of the argument area. This can be...

Ubiquiti EdgeRouter 命令注入漏洞

Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6. An attacker could exploit the vulnerability to cause command injection...

CVE-2021-22909

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle MitM attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later...

Design/Logic Flaw

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle MitM attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later...

CVE-2021-22909

EdgeMAX EdgeRouter exposes a vulnerability (CVE-2021-22909) in V2.0.9 and earlier that can enable a man-in-the-middle attack during firmware updates. Red Hat and NVD entries align on the affected product range and the update process risk. The issue is resolved in EdgeRouter V2.0.9-hotfix.1 and la...

CVE-2021-22909

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle MitM attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later...

Ubiquiti Networks EdgeRouter 信任管理问题漏洞

Ubiquiti Networks EdgeRouter is a router from Ubiquiti Networks, Inc. A trust management issue vulnerability exists in Ubiquiti Networks EdgeOS on EdgeRouter X that could allow a remote attacker to execute arbitrary code on an affected installation...

PT-2021-15266 · Ubiquiti · Edgemax Edgerouter

Name of the Vulnerable Software and Affected Versions: EdgeMAX EdgeRouter versions prior to V2.0.9-hotfix.1 Description: A vulnerability found in EdgeMAX EdgeRouter could allow a malicious actor to execute a man-in-the-middle MitM attack during a firmware update. Recommendations: For EdgeMAX...

Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must...