CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-2379 – Ubiquiti EdgeRouter X Web Service denial of service
https://notcve.org/view.php?id=CVE-2023-2379
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS https://vuldb.com/?ctiid.227655 https://vuldb.com/?id.227655 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-2378 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2378
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4 https://vuldb.com/?ctiid.227654 https://vuldb.com/?id.227654 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 1CVE-2023-2377 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2377
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9 https://vuldb.com/?ctiid.227653 https://vuldb.com/?id.227653 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-2376 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2376
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8 https://vuldb.com/?ctiid.227652 https://vuldb.com/?id.227652 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 2CVE-2023-2375 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2375
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0x0jr/HTB-Devvortex-CVE-2023-2375-PoC https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7 https://vuldb.com/?ctiid.227651 https://vuldb.com/?id.227651 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •