CVE-2023-23912
published 2023-02-09CVE-2023-23912: A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix…
PriorityP351high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
0.89%
54.9th percentile
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | er-10x_firmware | < 2.0.9 | 2.0.9 |
| ui | er-10x_firmware | — | — |
| ui | er-12_firmware | < 2.0.9 | 2.0.9 |
| ui | er-12_firmware | — | — |
| ui | er-12p_firmware | < 2.0.9 | 2.0.9 |
| ui | er-12p_firmware | — | — |
| ui | er-4_firmware | < 2.0.9 | 2.0.9 |
| ui | er-4_firmware | — | — |
| ui | er-6p_firmware | < 2.0.9 | 2.0.9 |
| ui | er-6p_firmware | — | — |
| ui | er-8-xg_firmware | < 2.0.9 | 2.0.9 |
| ui | er-8-xg_firmware | — | — |
| ui | er-x-sfp_firmware | < 2.0.9 | 2.0.9 |
| ui | er-x-sfp_firmware | — | — |
| ui | er-x_firmware | < 2.0.9 | 2.0.9 |
| ui | er-x_firmware | — | — |
| ui | usg-pro-4_firmware | < 4.4.57 | 4.4.57 |
| ui | usg_firmware | < 4.4.57 | 4.4.57 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-09
Published