A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Ui
  • Er-10x Firmware
  • Er-4
  • Er-12p Firmware
  • Er-x-sfp Firmware
  • Usg-pro-4 Firmware
  • Usg-pro-4
  • Usg Firmware
  • Er-12
  • Er-6p
  • Er-10x
  • Usg
  • Er-8-xg
  • Er-6p Firmware
  • Er-4 Firmware
  • Er-12p
  • Er-12 Firmware
  • Er-x
  • Er-8-xg Firmware
  • Er-x Firmware
  • Er-x-sfp

Configuration 1 [-]

AND
cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:ui:er-12p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-12p_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-12p:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-4_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-6p_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*
cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*
References
Link Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f Exploit Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2023-02-09T00:00:00

Updated: 2023-02-09T00:00:00

Reserved: 2023-01-19T00:00:00

Link: CVE-2023-23912

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-02-09T20:15:11.740

Modified: 2023-02-17T20:04:53.320

Link: CVE-2023-23912

JSON object: View

cve-icon Redhat Information

No data.

CWE