Metrics
Affected Vendors & Products
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability. | A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities. |
| Title | Ubiquiti EdgeRouter X Web Management Interface command injection | Ubiquiti EdgeRouter X Web Management command injection |
| First Time appeared |
Ubiquiti
Ubiquiti edgerouter X |
|
| Weaknesses | CWE-74 | |
| CPEs | cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Ubiquiti
Ubiquiti edgerouter X |
|
| References |
| |
| Metrics |
cvssV2_0
|
cvssV4_0
|
Thu, 30 Jan 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: VulDB
Published: 2023-04-28T14:00:07.264Z
Updated: 2026-07-09T13:53:06.990Z
Reserved: 2023-04-28T11:29:50.552Z
Link: CVE-2023-2373
Updated: 2024-08-02T06:19:14.944Z
Status : Modified
Published: 2023-04-28T14:15:10.977
Modified: 2026-06-17T05:52:24.550
Link: CVE-2023-2373
No data.