CVE-2023-23912

Summary

CVE	CVE-2023-23912
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-09 20:15:00 UTC
Updated	2023-02-17 20:04:00 UTC
Description	A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ui	Er-10x	-	All	All	All
Operating System	Ui	Er-10x Firmware	All	All	All	All
Operating System	Ui	Er-10x Firmware	2.0.9	-	All	All
Operating System	Ui	Er-10x Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-10x Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-10x Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Er-12	-	All	All	All
Hardware	Ui	Er-12p	-	All	All	All
Operating System	Ui	Er-12p Firmware	All	All	All	All
Operating System	Ui	Er-12p Firmware	2.0.9	-	All	All
Operating System	Ui	Er-12p Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-12p Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-12p Firmware	2.0.9	hotfix5	All	All
Operating System	Ui	Er-12 Firmware	All	All	All	All
Operating System	Ui	Er-12 Firmware	2.0.9	-	All	All
Operating System	Ui	Er-12 Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-12 Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-12 Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Er-4	-	All	All	All
Operating System	Ui	Er-4 Firmware	All	All	All	All
Operating System	Ui	Er-4 Firmware	2.0.9	-	All	All
Operating System	Ui	Er-4 Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-4 Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-4 Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Er-6p	-	All	All	All
Operating System	Ui	Er-6p Firmware	All	All	All	All
Operating System	Ui	Er-6p Firmware	2.0.9	-	All	All
Operating System	Ui	Er-6p Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-6p Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-6p Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Er-8-xg	-	All	All	All
Operating System	Ui	Er-8-xg Firmware	All	All	All	All
Operating System	Ui	Er-8-xg Firmware	2.0.9	-	All	All
Operating System	Ui	Er-8-xg Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-8-xg Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-8-xg Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Er-x	-	All	All	All
Hardware	Ui	Er-x-sfp	-	All	All	All
Operating System	Ui	Er-x-sfp Firmware	All	All	All	All
Operating System	Ui	Er-x-sfp Firmware	2.0.9	-	All	All
Operating System	Ui	Er-x-sfp Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-x-sfp Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-x-sfp Firmware	2.0.9	hotfix5	All	All
Operating System	Ui	Er-x Firmware	All	All	All	All
Operating System	Ui	Er-x Firmware	2.0.9	-	All	All
Operating System	Ui	Er-x Firmware	2.0.9	hotfix2	All	All
Operating System	Ui	Er-x Firmware	2.0.9	hotfix4	All	All
Operating System	Ui	Er-x Firmware	2.0.9	hotfix5	All	All
Hardware	Ui	Usg	-	All	All	All
Hardware	Ui	Usg-pro-4	-	All	All	All
Operating System	Ui	Usg-pro-4 Firmware	All	All	All	All
Operating System	Ui	Usg Firmware	All	All	All	All

References

Reference	Source	Link	Tags
community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da...	MISC	community.ui.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.