A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
References
Link | Resource |
---|---|
https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f | Exploit, Patch, Vendor Advisory |
History
17 Feb 2023, 20:04
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
First Time | Ui er-x-sfp, Ui er-8-xg Firmware, Ui er-8-xg, Ui, Ui er-10x Firmware, Ui er-12p, Ui usg, Ui er-12 Firmware, Ui er-4 Firmware, Ui er-12, Ui usg-pro-4, Ui usg-pro-4 Firmware, Ui er-x-sfp Firmware, Ui er-4, Ui er-x Firmware, Ui er-x, Ui usg Firmware, Ui er-12p Firmware, Ui er-6p Firmware, Ui er-10x, Ui er-6p |
CWE | CWE-94 | |
References | (MISC) https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f - Exploit, Patch, Vendor Advisory |
09 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-09 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23912
Mitre link : CVE-2023-23912
CVE.ORG link : CVE-2023-23912
Products Affected
ui
- usg-pro-4_firmware
- er-12_firmware
- usg_firmware
- er-x
- er-8-xg
- er-x-sfp_firmware
- er-8-xg_firmware
- er-10x
- er-6p_firmware
- er-6p
- er-10x_firmware
- er-12p_firmware
- er-x_firmware
- er-4
- usg-pro-4
- er-12
- er-4_firmware
- usg
- er-x-sfp
- er-12p