CVE-2023-23912

high-risk
Published 2023-02-09

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Usg Firmware
Usg-Pro-4 Firmware
Er-10X Firmware
Er-10X Firmware
Er-10X Firmware
Er-10X Firmware
Er-10X Firmware
Er-12P Firmware
Er-12P Firmware
Er-12P Firmware
Er-12P Firmware
Er-12P Firmware

Affected Vendors

Ui

References (2)

Exploit https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-71...
Exploit https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-71...
55
/ 100
high-risk
Severity 27/34 · High
Exploitability 4/34 · Minimal
Exposure 24/34 · High