CVE-2023-2375 (GCVE-0-2023-2375)
Vulnerability from cvelistv5 – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
VLAI
EPSS
VEX
Title
Ubiquiti EdgeRouter X Web Management command injection
Summary
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/227651 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/227651/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2023-2375 | third-party-advisory |
| https://vuldb.com/submit/114077 | third-party-advisory |
| https://github.com/leetsun/IoT/tree/main/EdgeRout… | broken-linkexploit |
| https://vuldb.com/?id.227651 | vdb-entrytechnical-descriptionx_transferred |
| https://vuldb.com/?ctiid.227651 | signaturepermissions-requiredx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti | EdgeRouter X |
Affected:
2.0.9-hotfix.0
Affected: 2.0.9-hotfix.1 Affected: 2.0.9-hotfix.2 Affected: 2.0.9-hotfix.3 Affected: 2.0.9-hotfix.4 Affected: 2.0.9-hotfix.5 Affected: 2.0.9-hotfix.6 cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:15.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.227651"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.227651"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "EdgeRouter X",
"vendor": "Ubiquiti",
"versions": [
{
"status": "affected",
"version": "2.0.9-hotfix.0"
},
{
"status": "affected",
"version": "2.0.9-hotfix.1"
},
{
"status": "affected",
"version": "2.0.9-hotfix.2"
},
{
"status": "affected",
"version": "2.0.9-hotfix.3"
},
{
"status": "affected",
"version": "2.0.9-hotfix.4"
},
{
"status": "affected",
"version": "2.0.9-hotfix.5"
},
{
"status": "affected",
"version": "2.0.9-hotfix.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "leetmoon (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:53:12.606Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-227651 | Ubiquiti EdgeRouter X Web Management command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/227651"
},
{
"name": "VDB-227651 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/227651/cti"
},
{
"name": "CVE-2023-2375 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2023-2375"
},
{
"name": "Submit #114077 | Command injection at the web management interface of EdgeRouter-x(7)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/114077"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2023-04-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-04-28T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-04-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-09T15:54:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ubiquiti EdgeRouter X Web Management command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2375",
"datePublished": "2023-04-28T15:00:07.068Z",
"dateReserved": "2023-04-28T11:29:56.309Z",
"dateUpdated": "2026-07-09T13:53:12.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-2375",
"date": "2026-07-10",
"epss": "0.09201",
"percentile": "0.94731"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2844D28C-FAD9-498A-93FF-7A4A217210A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF7E7155-EFDC-42E0-A851-8FD2C58A2076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*\", \"matchCriteriaId\": \"93A4BC03-E96D-42A9-9034-7017DA6EA389\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4191452-071A-4BF1-B312-C4F9C28A5205\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"101616F2-CA1A-4BF0-9025-F20EDA26F235\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*\", \"matchCriteriaId\": \"47ABA9C8-67E4-4DE2-822A-3E17639F745E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.\"}]",
"id": "CVE-2023-2375",
"lastModified": "2024-11-21T07:58:29.250",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2023-04-28T15:15:10.903",
"references": "[{\"url\": \"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.227651\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.227651\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.227651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.227651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-2375\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-04-28T15:15:10.903\",\"lastModified\":\"2026-07-09T15:16:27.760\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cna@vuldb.com\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"Ubiquiti\",\"product\":\"EdgeRouter X\",\"cpes\":[\"cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*\"],\"modules\":[\"Web Management Interface\"],\"versions\":[{\"version\":\"2.0.9-hotfix.0\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.1\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.2\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.3\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.4\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.5\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.6\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"},{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2844D28C-FAD9-498A-93FF-7A4A217210A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7E7155-EFDC-42E0-A851-8FD2C58A2076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4BC03-E96D-42A9-9034-7017DA6EA389\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4191452-071A-4BF1-B312-C4F9C28A5205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"101616F2-CA1A-4BF0-9025-F20EDA26F235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*\",\"matchCriteriaId\":\"47ABA9C8-67E4-4DE2-822A-3E17639F745E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}],\"references\":[{\"url\":\"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/cve/CVE-2023-2375\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/submit/114077\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/227651\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/227651/cti\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.227651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.227651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T22:34:39+00:00",
"cve": "CVE-2023-2375",
"id": "CVE-2023-2375",
"initial_release_date": "2023-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Ubiquiti EdgeRouter X Web Management Interface command injection",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2375.json",
"version": "3"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…