CVE-2023-23912

CVSS V2 None CVSS V3 None
Description
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
Overview
  • CVE ID
  • CVE-2023-23912
  • Assigner
  • support@hackerone.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-09T20:15:11
  • Last Modified Date
  • 2023-02-17T20:04:53
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:* 1 OR 4.4.57
cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:* 1 OR 4.4.57
cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-12p_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-12p_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-12p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-4_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-6p_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:* 1 OR 2.0.9
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:* 1 OR
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:* 1 OR
cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:* 0 OR
References
History
Created Old Value New Value Data Type Notes
2023-04-17 07:28:27 Added to TrackCVE
2023-04-17 07:28:29 Weakness Enumeration new