CVE-2023-2375 (GCVE-0-2023-2375)

Vulnerability from cvelistv5 – Published: 2023-04-28 15:00 – Updated: 2026-07-09 13:53 Disputed
VLAI
Title
Ubiquiti EdgeRouter X Web Management command injection
Summary
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/227651 vdb-entrytechnical-description
https://vuldb.com/vuln/227651/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2023-2375 third-party-advisory
https://vuldb.com/submit/114077 third-party-advisory
https://github.com/leetsun/IoT/tree/main/EdgeRout… broken-linkexploit
https://vuldb.com/?id.227651 vdb-entrytechnical-descriptionx_transferred
https://vuldb.com/?ctiid.227651 signaturepermissions-requiredx_transferred
Impacted products
Vendor Product Version
Ubiquiti EdgeRouter X Affected: 2.0.9-hotfix.0
Affected: 2.0.9-hotfix.1
Affected: 2.0.9-hotfix.2
Affected: 2.0.9-hotfix.3
Affected: 2.0.9-hotfix.4
Affected: 2.0.9-hotfix.5
Affected: 2.0.9-hotfix.6
    cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
leetmoon (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:19:15.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.227651"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.227651"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Management Interface"
          ],
          "product": "EdgeRouter X",
          "vendor": "Ubiquiti",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.9-hotfix.0"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.1"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.2"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.3"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.4"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.5"
            },
            {
              "status": "affected",
              "version": "2.0.9-hotfix.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetmoon (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 8.3,
            "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T13:53:12.606Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-227651 | Ubiquiti EdgeRouter X Web Management command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/227651"
        },
        {
          "name": "VDB-227651 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/227651/cti"
        },
        {
          "name": "CVE-2023-2375 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2023-2375"
        },
        {
          "name": "Submit #114077 | Command injection at the web management interface of EdgeRouter-x(7)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/114077"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7"
        }
      ],
      "tags": [
        "disputed"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-04-28T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-04-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-09T15:54:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ubiquiti EdgeRouter X Web Management command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-2375",
    "datePublished": "2023-04-28T15:00:07.068Z",
    "dateReserved": "2023-04-28T11:29:56.309Z",
    "dateUpdated": "2026-07-09T13:53:12.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-2375",
      "date": "2026-07-09",
      "epss": "0.06568",
      "percentile": "0.93019"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2844D28C-FAD9-498A-93FF-7A4A217210A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF7E7155-EFDC-42E0-A851-8FD2C58A2076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*\", \"matchCriteriaId\": \"93A4BC03-E96D-42A9-9034-7017DA6EA389\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4191452-071A-4BF1-B312-C4F9C28A5205\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"101616F2-CA1A-4BF0-9025-F20EDA26F235\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*\", \"matchCriteriaId\": \"47ABA9C8-67E4-4DE2-822A-3E17639F745E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.\"}]",
      "id": "CVE-2023-2375",
      "lastModified": "2024-11-21T07:58:29.250",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2023-04-28T15:15:10.903",
      "references": "[{\"url\": \"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.227651\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.227651\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.227651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.227651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-2375\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-04-28T15:15:10.903\",\"lastModified\":\"2026-07-09T15:16:27.760\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cna@vuldb.com\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"Ubiquiti\",\"product\":\"EdgeRouter X\",\"cpes\":[\"cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:*\"],\"modules\":[\"Web Management Interface\"],\"versions\":[{\"version\":\"2.0.9-hotfix.0\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.1\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.2\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.3\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.4\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.5\",\"status\":\"affected\"},{\"version\":\"2.0.9-hotfix.6\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"},{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2844D28C-FAD9-498A-93FF-7A4A217210A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7E7155-EFDC-42E0-A851-8FD2C58A2076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4BC03-E96D-42A9-9034-7017DA6EA389\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4191452-071A-4BF1-B312-C4F9C28A5205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"101616F2-CA1A-4BF0-9025-F20EDA26F235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*\",\"matchCriteriaId\":\"47ABA9C8-67E4-4DE2-822A-3E17639F745E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}],\"references\":[{\"url\":\"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/cve/CVE-2023-2375\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/submit/114077\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/227651\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/227651/cti\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.227651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.227651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2025-05-28T22:34:39+00:00",
      "cve": "CVE-2023-2375",
      "id": "CVE-2023-2375",
      "initial_release_date": "2023-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "Ubiquiti EdgeRouter X Web Management Interface command injection",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2375.json",
      "version": "3"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…