CVE-2023-23912
published 2023-02-09

Priority: P3 51
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.89% (54.9th percentile)

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

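Affected

18 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | er-10x_firmware | < 2.0.9 | 2.0.9 |
| ui | er-10x_firmware | | |
| ui | er-12_firmware | < 2.0.9 | 2.0.9 |
| ui | er-12_firmware | | |
| ui | er-12p_firmware | < 2.0.9 | 2.0.9 |
| ui | er-12p_firmware | | |
| ui | er-4_firmware | < 2.0.9 | 2.0.9 |
| ui | er-4_firmware | | |
| ui | er-6p_firmware | < 2.0.9 | 2.0.9 |
| ui | er-6p_firmware | | |
| ui | er-8-xg_firmware | < 2.0.9 | 2.0.9 |
| ui | er-8-xg_firmware | | |
| ui | er-x-sfp_firmware | < 2.0.9 | 2.0.9 |
| ui | er-x-sfp_firmware | | |
| ui | er-x_firmware | < 2.0.9 | 2.0.9 |
| ui | er-x_firmware | | |
| ui | usg-pro-4_firmware | < 4.4.57 | 4.4.57 |
| ui | usg_firmware | < 4.4.57 | 4.4.57 |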