CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-31997
https://notcve.org/view.php?id=CVE-2023-31997
30 Jun 2023 — UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. • https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4 • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34840
https://notcve.org/view.php?id=CVE-2023-34840
30 Jun 2023 — angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. • https://github.com/Xh4H/CVE-2023-34840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-2379 – Ubiquiti EdgeRouter X Web Service denial of service
https://notcve.org/view.php?id=CVE-2023-2379
28 Apr 2023 — A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 1CVE-2023-2378 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2378
28 Apr 2023 — A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30856 – eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
https://notcve.org/view.php?id=CVE-2023-30856
28 Apr 2023 — eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web a... • https://christian-schneider.net/CrossSiteWebSocketHijacking.html • CWE-346: Origin Validation Error CWE-1385: Missing Origin Validation in WebSockets •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 1CVE-2023-2377 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2377
28 Apr 2023 — A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 1CVE-2023-2376 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2376
28 Apr 2023 — A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 2CVE-2023-2375 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2375
28 Apr 2023 — A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0x0jr/HTB-Devvortex-CVE-2023-2375-PoC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 1CVE-2023-2374 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2374
28 Apr 2023 — A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2023-2373 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2373
28 Apr 2023 — A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •