CVE-2023-2373 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2373
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5 https://vuldb.com/?ctiid.227649 https://vuldb.com/?id.227649 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-28122
https://notcve.org/view.php?id=CVE-2023-28122
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 •
CVE-2023-28123
https://notcve.org/view.php?id=CVE-2023-28123
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-28124
https://notcve.org/view.php?id=CVE-2023-28124
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4 • CWE-326: Inadequate Encryption Strength •
CVE-2023-1458
https://notcve.org/view.php?id=CVE-2023-1458
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.223303 https://vuldb.com/?id.223303 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •