Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for EdgeRouter X by Ubiquiti

    CVE-2023-2379 (GCVE-0-2023-2379)

    Vulnerability from nvd – Published: 2023-04-28 16:31 – Updated: 2025-01-30 19:26
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Service denial of service
    Summary
    A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.227655 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.227655 signaturepermissions-required
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Credits
    leetmoon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227655"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227655"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T19:26:03.623156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T19:26:09.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Service"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Ubiquiti EdgeRouter X bis 2.0.9-hotfix.6 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Service. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T07:19:43.737Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.227655"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.227655"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-05-21T16:14:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Service denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2379",
        "datePublished": "2023-04-28T16:31:03.591Z",
        "dateReserved": "2023-04-28T11:30:10.404Z",
        "dateUpdated": "2025-01-30T19:26:09.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2378 (GCVE-0-2023-2378)

    Vulnerability from nvd – Published: 2023-04-28 16:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227654 vdb-entrytechnical-description
    https://vuldb.com/vuln/227654/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2378 third-party-advisory
    https://vuldb.com/submit/114072 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227654 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227654 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227654"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227654"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:21.447Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227654 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227654"
            },
            {
              "name": "VDB-227654 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227654/cti"
            },
            {
              "name": "CVE-2023-2378 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2378"
            },
            {
              "name": "Submit #114072 | Command injection at the web management interface of EdgeRouter-x(4)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114072"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:56:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2378",
        "datePublished": "2023-04-28T16:00:04.575Z",
        "dateReserved": "2023-04-28T11:30:06.728Z",
        "dateUpdated": "2026-07-09T13:53:21.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2377 (GCVE-0-2023-2377)

    Vulnerability from nvd – Published: 2023-04-28 15:31 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227653 vdb-entrytechnical-description
    https://vuldb.com/vuln/227653/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2377 third-party-advisory
    https://vuldb.com/submit/114081 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227653 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227653 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227653"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227653"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:18.708Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227653 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227653"
            },
            {
              "name": "VDB-227653 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227653/cti"
            },
            {
              "name": "CVE-2023-2377 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2377"
            },
            {
              "name": "Submit #114081 | Command injection at the web management interface of EdgeRouter-x(9)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114081"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:56:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2377",
        "datePublished": "2023-04-28T15:31:03.377Z",
        "dateReserved": "2023-04-28T11:30:03.838Z",
        "dateUpdated": "2026-07-09T13:53:18.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2376 (GCVE-0-2023-2376)

    Vulnerability from nvd – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227652 vdb-entrytechnical-description
    https://vuldb.com/vuln/227652/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2376 third-party-advisory
    https://vuldb.com/submit/114078 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227652 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227652 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:15.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227652"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227652"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:15.750Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227652 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227652"
            },
            {
              "name": "VDB-227652 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227652/cti"
            },
            {
              "name": "CVE-2023-2376 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2376"
            },
            {
              "name": "Submit #114078 | Command injection at the web management interface of EdgeRouter-x(8)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114078"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:55:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2376",
        "datePublished": "2023-04-28T15:00:08.881Z",
        "dateReserved": "2023-04-28T11:29:59.758Z",
        "dateUpdated": "2026-07-09T13:53:15.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2375 (GCVE-0-2023-2375)

    Vulnerability from nvd – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227651 vdb-entrytechnical-description
    https://vuldb.com/vuln/227651/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2375 third-party-advisory
    https://vuldb.com/submit/114077 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227651 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227651 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:15.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227651"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227651"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:12.606Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227651 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227651"
            },
            {
              "name": "VDB-227651 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227651/cti"
            },
            {
              "name": "CVE-2023-2375 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2375"
            },
            {
              "name": "Submit #114077 | Command injection at the web management interface of EdgeRouter-x(7)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114077"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:54:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2375",
        "datePublished": "2023-04-28T15:00:07.068Z",
        "dateReserved": "2023-04-28T11:29:56.309Z",
        "dateUpdated": "2026-07-09T13:53:12.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2374 (GCVE-0-2023-2374)

    Vulnerability from nvd – Published: 2023-04-28 14:31 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227650 vdb-entrytechnical-description
    https://vuldb.com/vuln/227650/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2374 third-party-advisory
    https://vuldb.com/submit/114075 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227650 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227650 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227650"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227650"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:09.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227650 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227650"
            },
            {
              "name": "VDB-227650 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227650/cti"
            },
            {
              "name": "CVE-2023-2374 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2374"
            },
            {
              "name": "Submit #114075 | Command injection at the web management interface of EdgeRouter-x(6)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114075"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:54:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2374",
        "datePublished": "2023-04-28T14:31:04.038Z",
        "dateReserved": "2023-04-28T11:29:52.832Z",
        "dateUpdated": "2026-07-09T13:53:09.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2373 (GCVE-0-2023-2373)

    Vulnerability from nvd – Published: 2023-04-28 14:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227649 vdb-entrytechnical-description
    https://vuldb.com/vuln/227649/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2373 third-party-advisory
    https://vuldb.com/submit/114074 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227649 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227649 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.944Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227649"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227649"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T17:10:08.357924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T17:10:14.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:06.990Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227649 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227649"
            },
            {
              "name": "VDB-227649 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227649/cti"
            },
            {
              "name": "CVE-2023-2373 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2373"
            },
            {
              "name": "Submit #114074 | Command injection at the web management interface of EdgeRouter-x(5)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114074"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:53:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2373",
        "datePublished": "2023-04-28T14:00:07.264Z",
        "dateReserved": "2023-04-28T11:29:50.552Z",
        "dateUpdated": "2026-07-09T13:53:06.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1458 (GCVE-0-2023-1458)

    Vulnerability from nvd – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223303"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223303"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223303"
            },
            {
              "url": "https://vuldb.com/?ctiid.223303"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1458",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1457 (GCVE-0-2023-1457)

    Vulnerability from nvd – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223302"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223302"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223302"
            },
            {
              "url": "https://vuldb.com/?ctiid.223302"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1457",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1456 (GCVE-0-2023-1456)

    Vulnerability from nvd – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.556Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223301"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223301"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223301"
            },
            {
              "url": "https://vuldb.com/?ctiid.223301"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1456",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2379 (GCVE-0-2023-2379)

    Vulnerability from cvelistv5 – Published: 2023-04-28 16:31 – Updated: 2025-01-30 19:26
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Service denial of service
    Summary
    A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.227655 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.227655 signaturepermissions-required
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Credits
    leetmoon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227655"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227655"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T19:26:03.623156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T19:26:09.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Service"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Ubiquiti EdgeRouter X bis 2.0.9-hotfix.6 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Service. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T07:19:43.737Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.227655"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.227655"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-05-21T16:14:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Service denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2379",
        "datePublished": "2023-04-28T16:31:03.591Z",
        "dateReserved": "2023-04-28T11:30:10.404Z",
        "dateUpdated": "2025-01-30T19:26:09.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2378 (GCVE-0-2023-2378)

    Vulnerability from cvelistv5 – Published: 2023-04-28 16:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227654 vdb-entrytechnical-description
    https://vuldb.com/vuln/227654/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2378 third-party-advisory
    https://vuldb.com/submit/114072 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227654 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227654 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227654"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227654"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:21.447Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227654 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227654"
            },
            {
              "name": "VDB-227654 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227654/cti"
            },
            {
              "name": "CVE-2023-2378 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2378"
            },
            {
              "name": "Submit #114072 | Command injection at the web management interface of EdgeRouter-x(4)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114072"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:56:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2378",
        "datePublished": "2023-04-28T16:00:04.575Z",
        "dateReserved": "2023-04-28T11:30:06.728Z",
        "dateUpdated": "2026-07-09T13:53:21.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2377 (GCVE-0-2023-2377)

    Vulnerability from cvelistv5 – Published: 2023-04-28 15:31 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227653 vdb-entrytechnical-description
    https://vuldb.com/vuln/227653/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2377 third-party-advisory
    https://vuldb.com/submit/114081 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227653 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227653 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227653"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227653"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:18.708Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227653 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227653"
            },
            {
              "name": "VDB-227653 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227653/cti"
            },
            {
              "name": "CVE-2023-2377 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2377"
            },
            {
              "name": "Submit #114081 | Command injection at the web management interface of EdgeRouter-x(9)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114081"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:56:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2377",
        "datePublished": "2023-04-28T15:31:03.377Z",
        "dateReserved": "2023-04-28T11:30:03.838Z",
        "dateUpdated": "2026-07-09T13:53:18.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2376 (GCVE-0-2023-2376)

    Vulnerability from cvelistv5 – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227652 vdb-entrytechnical-description
    https://vuldb.com/vuln/227652/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2376 third-party-advisory
    https://vuldb.com/submit/114078 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227652 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227652 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:15.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227652"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227652"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:15.750Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227652 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227652"
            },
            {
              "name": "VDB-227652 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227652/cti"
            },
            {
              "name": "CVE-2023-2376 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2376"
            },
            {
              "name": "Submit #114078 | Command injection at the web management interface of EdgeRouter-x(8)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114078"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:55:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2376",
        "datePublished": "2023-04-28T15:00:08.881Z",
        "dateReserved": "2023-04-28T11:29:59.758Z",
        "dateUpdated": "2026-07-09T13:53:15.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2375 (GCVE-0-2023-2375)

    Vulnerability from cvelistv5 – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227651 vdb-entrytechnical-description
    https://vuldb.com/vuln/227651/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2375 third-party-advisory
    https://vuldb.com/submit/114077 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227651 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227651 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:15.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227651"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227651"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:12.606Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227651 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227651"
            },
            {
              "name": "VDB-227651 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227651/cti"
            },
            {
              "name": "CVE-2023-2375 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2375"
            },
            {
              "name": "Submit #114077 | Command injection at the web management interface of EdgeRouter-x(7)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114077"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:54:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2375",
        "datePublished": "2023-04-28T15:00:07.068Z",
        "dateReserved": "2023-04-28T11:29:56.309Z",
        "dateUpdated": "2026-07-09T13:53:12.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2374 (GCVE-0-2023-2374)

    Vulnerability from cvelistv5 – Published: 2023-04-28 14:31 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227650 vdb-entrytechnical-description
    https://vuldb.com/vuln/227650/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2374 third-party-advisory
    https://vuldb.com/submit/114075 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227650 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227650 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227650"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227650"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:09.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227650 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227650"
            },
            {
              "name": "VDB-227650 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227650/cti"
            },
            {
              "name": "CVE-2023-2374 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2374"
            },
            {
              "name": "Submit #114075 | Command injection at the web management interface of EdgeRouter-x(6)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114075"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:54:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2374",
        "datePublished": "2023-04-28T14:31:04.038Z",
        "dateReserved": "2023-04-28T11:29:52.832Z",
        "dateUpdated": "2026-07-09T13:53:09.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2373 (GCVE-0-2023-2373)

    Vulnerability from cvelistv5 – Published: 2023-04-28 14:00 – Updated: 2026-07-09 13:53 Disputed
    VLAI
    Title
    Ubiquiti EdgeRouter X Web Management command injection
    Summary
    A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/227649 vdb-entrytechnical-description
    https://vuldb.com/vuln/227649/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2023-2373 third-party-advisory
    https://vuldb.com/submit/114074 third-party-advisory
    https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
    https://vuldb.com/?id.227649 vdb-entrytechnical-descriptionx_transferred
    https://vuldb.com/?ctiid.227649 signaturepermissions-requiredx_transferred
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
    Affected: 2.0.9-hotfix.1
    Affected: 2.0.9-hotfix.2
    Affected: 2.0.9-hotfix.3
    Affected: 2.0.9-hotfix.4
    Affected: 2.0.9-hotfix.5
    Affected: 2.0.9-hotfix.6
        cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.944Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.227649"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.227649"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T17:10:08.357924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T17:10:14.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Management Interface"
              ],
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T13:53:06.990Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-227649 | Ubiquiti EdgeRouter X Web Management command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/227649"
            },
            {
              "name": "VDB-227649 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/227649/cti"
            },
            {
              "name": "CVE-2023-2373 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2023-2373"
            },
            {
              "name": "Submit #114074 | Command injection at the web management interface of EdgeRouter-x(5)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/114074"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-28T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T15:53:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ubiquiti EdgeRouter X Web Management command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-2373",
        "datePublished": "2023-04-28T14:00:07.264Z",
        "dateReserved": "2023-04-28T11:29:50.552Z",
        "dateUpdated": "2026-07-09T13:53:06.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1458 (GCVE-0-2023-1458)

    Vulnerability from cvelistv5 – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223303"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223303"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223303"
            },
            {
              "url": "https://vuldb.com/?ctiid.223303"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1458",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1456 (GCVE-0-2023-1456)

    Vulnerability from cvelistv5 – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.556Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223301"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223301"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223301"
            },
            {
              "url": "https://vuldb.com/?ctiid.223301"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1456",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1457 (GCVE-0-2023-1457)

    Vulnerability from cvelistv5 – Published: 2023-03-25 00:00 – Updated: 2024-08-02 05:49 Disputed
    VLAI
    Summary
    A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.223302"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.223302"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EdgeRouter X",
              "vendor": "Ubiquiti",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.9-hotfix.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://vuldb.com/?id.223302"
            },
            {
              "url": "https://vuldb.com/?ctiid.223302"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1457",
        "datePublished": "2023-03-25T00:00:00.000Z",
        "dateReserved": "2023-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-02T05:49:11.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }