CVE-2023-23912 (GCVE-0-2023-23912)

Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 19:02
VLAI?
Summary
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
Severity ?
8.8 (High)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)
Assigner
References
Impacted products
Vendor Product Version
n/a Ubiquiti EdgeRouter(s) and USG(s) Affected: EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:42:27.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T19:01:41.360781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T19:02:10.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ubiquiti EdgeRouter(s) and USG(s)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-75",
              "description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-09T00:00:00.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-23912",
    "datePublished": "2023-02-09T00:00:00.000Z",
    "dateReserved": "2023-01-19T00:00:00.000Z",
    "dateUpdated": "2025-03-24T19:02:10.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.4.57\", \"matchCriteriaId\": \"42EEFED0-A2A2-4331-A87A-A181742D0550\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59478336-F60A-4963-A3E3-89B04A119223\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.4.57\", \"matchCriteriaId\": \"7074B37B-FBD0-4484-96FA-15F51661CBD7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D357AC52-6588-45F2-ACAC-165B4C97F464\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"0443C2FC-354E-47A1-A73B-912DD16EA216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B1E29D-7EEA-42BE-BB73-2EDF0DF1D7B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C20F448-B93A-49CA-BB13-FBCB08BB9D4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0CC4F6A-660D-4EED-886D-63E8EA9723B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"32E6424A-4E41-4DDA-A8FE-66C0DE007623\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"257D043B-BBD0-45D5-AEA4-32DC720F3C2B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"0FAD0529-AA21-48D4-86CC-663381C8C211\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E80E56E-A867-40F0-B5E7-B4B0CE4F912F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"12E1323D-1078-4501-A8FD-7DB263F2411E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D6756AB-F23F-4060-B38F-DBAA0BC8733B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B10F7FBC-3274-4CB7-AA87-72C2B43DA457\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A7DEE4B-D49C-4D11-9AA8-3F422DDF8964\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12p_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"80B96493-2E6D-4F9E-AD41-CD1AB46C0650\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12p_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99F46FE-6FA5-4995-B9AB-6DA45AC6AC84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB366C51-77CB-4DA9-957B-873A814EFAD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"9015D609-89CF-4296-9E79-24E39F4C6AA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA39BE0A-9BEA-4578-87E6-AD2402DBC101\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-12p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"510797FB-103E-43D3-843B-5330716A13F5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"DA799FF3-1F2A-421D-AB8C-1078F82EA42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-4_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E5186F-3777-4A48-B26C-B2E9ADDA5142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"98E75674-504E-4F23-A326-C3257C3B8A2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D425830-846B-4DE1-A894-C5204B2FB38E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A40D50F4-2207-4A04-B9A1-62B0E8A93C88\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0DBDD16-1FDE-45FA-9A5C-44BCF44D70FB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"F2A602FE-52D8-4532-B251-7B297D48DBC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-6p_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB4D4A9-F899-4F48-BE36-DF0EF01D54F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"49C9FDF4-38A0-4F3F-A254-C23124E9C815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DDE4F7A-0BB2-4160-845C-D98005B48616\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C15499E-CEE1-4E40-8288-243FAE540B99\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9EA558B-7CF3-4CD0-8D73-A6BC646948C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"136672C3-79AD-4CBE-B4D1-22D5CCA49358\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE42C156-EAD4-4594-A45C-3445396D085F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9DFC719-7376-482C-8406-8F8B4903F3B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B6811C-71A1-4E80-B4E1-146D6712FF06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D680162-9253-49E6-8907-EEE0EF59517B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB1CDE7-F121-4D6A-A729-C6A1F27100E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2844D28C-FAD9-498A-93FF-7A4A217210A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.9\", \"matchCriteriaId\": \"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"101616F2-CA1A-4BF0-9025-F20EDA26F235\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.\"}]",
      "id": "CVE-2023-23912",
      "lastModified": "2024-11-21T07:47:05.220",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-02-09T20:15:11.740",
      "references": "[{\"url\": \"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-75\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23912\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2023-02-09T20:15:11.740\",\"lastModified\":\"2025-03-24T19:15:41.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-75\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.57\",\"matchCriteriaId\":\"42EEFED0-A2A2-4331-A87A-A181742D0550\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59478336-F60A-4963-A3E3-89B04A119223\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.57\",\"matchCriteriaId\":\"7074B37B-FBD0-4484-96FA-15F51661CBD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D357AC52-6588-45F2-ACAC-165B4C97F464\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"0443C2FC-354E-47A1-A73B-912DD16EA216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B1E29D-7EEA-42BE-BB73-2EDF0DF1D7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C20F448-B93A-49CA-BB13-FBCB08BB9D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CC4F6A-660D-4EED-886D-63E8EA9723B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E6424A-4E41-4DDA-A8FE-66C0DE007623\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257D043B-BBD0-45D5-AEA4-32DC720F3C2B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"0FAD0529-AA21-48D4-86CC-663381C8C211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E80E56E-A867-40F0-B5E7-B4B0CE4F912F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E1323D-1078-4501-A8FD-7DB263F2411E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D6756AB-F23F-4060-B38F-DBAA0BC8733B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B10F7FBC-3274-4CB7-AA87-72C2B43DA457\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A7DEE4B-D49C-4D11-9AA8-3F422DDF8964\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"80B96493-2E6D-4F9E-AD41-CD1AB46C0650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12p_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99F46FE-6FA5-4995-B9AB-6DA45AC6AC84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB366C51-77CB-4DA9-957B-873A814EFAD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9015D609-89CF-4296-9E79-24E39F4C6AA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA39BE0A-9BEA-4578-87E6-AD2402DBC101\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-12p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"510797FB-103E-43D3-843B-5330716A13F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"DA799FF3-1F2A-421D-AB8C-1078F82EA42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-4_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E5186F-3777-4A48-B26C-B2E9ADDA5142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"98E75674-504E-4F23-A326-C3257C3B8A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D425830-846B-4DE1-A894-C5204B2FB38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40D50F4-2207-4A04-B9A1-62B0E8A93C88\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0DBDD16-1FDE-45FA-9A5C-44BCF44D70FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"F2A602FE-52D8-4532-B251-7B297D48DBC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-6p_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB4D4A9-F899-4F48-BE36-DF0EF01D54F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"49C9FDF4-38A0-4F3F-A254-C23124E9C815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DDE4F7A-0BB2-4160-845C-D98005B48616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C15499E-CEE1-4E40-8288-243FAE540B99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9EA558B-7CF3-4CD0-8D73-A6BC646948C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"136672C3-79AD-4CBE-B4D1-22D5CCA49358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE42C156-EAD4-4594-A45C-3445396D085F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DFC719-7376-482C-8406-8F8B4903F3B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B6811C-71A1-4E80-B4E1-146D6712FF06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D680162-9253-49E6-8907-EEE0EF59517B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB1CDE7-F121-4D6A-A729-C6A1F27100E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB3EE14-A555-4DCA-9C16-F3D72489F10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2844D28C-FAD9-498A-93FF-7A4A217210A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B9AD72-BF39-4731-85B9-26036F7C425B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9\",\"matchCriteriaId\":\"34DA36D8-F0BD-4E98-A74C-5D50AD0980C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"906F4A72-7C6D-45FD-875F-2D2791CE9F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B919E33F-AC70-432C-A3F8-29FDFC710BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"101616F2-CA1A-4BF0-9025-F20EDA26F235\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900\"}]}]}],\"references\":[{\"url\":\"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:42:27.060Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23912\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T19:01:41.360781Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T19:02:05.315Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Ubiquiti EdgeRouter(s) and USG(s)\", \"versions\": [{\"status\": \"affected\", \"version\": \"EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later\"}]}], \"references\": [{\"url\": \"https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-75\", \"description\": \"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-02-09T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23912\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T19:02:10.197Z\", \"dateReserved\": \"2023-01-19T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2023-02-09T00:00:00.000Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.