
CVSS: 8.8 • EPSS: 0% • CPEs: 52 • EXPL: 1

09 Feb 2023 — A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS. Authentication is not requir... • https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 24 • EXPL: 3

25 Sep 2019 — Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. • https://github.com/grampae/CVE-2019-16889-poc • CWE-770: Allocation of Resources Without Limits or Throttling