{"api_version":"1","generated_at":"2026-04-23T09:52:31+00:00","cve":"CVE-2023-2379","urls":{"html":"https://cve.report/CVE-2023-2379","api":"https://cve.report/api/cve/CVE-2023-2379.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-2379","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-2379"},"summary":{"title":"CVE-2023-2379","description":"A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-04-28 17:15:00","updated_at":"2023-11-07 04:12:00"},"problem_types":["CWE-404"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.227655","name":"https://vuldb.com/?id.227655","refsource":"MISC","tags":[],"title":"CVE-2023-2379: Ubiquiti EdgeRouter X Web Service denial of service","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS","name":"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS","refsource":"MISC","tags":[],"title":"IoT/EdgeRouterX/DoS at main · leetsun/IoT · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.227655","name":"https://vuldb.com/?ctiid.227655","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-2379","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2379","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"2379","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ui","cpe5":"er-x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ui","cpe5":"er-x-sfp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"hotfix2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"hotfix3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"hotfix4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"hotfix5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x-sfp_firmware","cpe6":"2.0.9","cpe7":"hotfix6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"hotfix2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"hotfix3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"hotfix4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"hotfix5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ui","cpe5":"er-x_firmware","cpe6":"2.0.9","cpe7":"hotfix6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-2379","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655."},{"lang":"deu","value":"Es wurde eine Schwachstelle in Ubiquiti EdgeRouter X bis 2.0.9-hotfix.6 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Service. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-404 Denial of Service","cweId":"CWE-404"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Ubiquiti","product":{"product_data":[{"product_name":"EdgeRouter X","version":{"version_data":[{"version_affected":"=","version_value":"2.0.9-hotfix.0"},{"version_affected":"=","version_value":"2.0.9-hotfix.1"},{"version_affected":"=","version_value":"2.0.9-hotfix.2"},{"version_affected":"=","version_value":"2.0.9-hotfix.3"},{"version_affected":"=","version_value":"2.0.9-hotfix.4"},{"version_affected":"=","version_value":"2.0.9-hotfix.5"},{"version_affected":"=","version_value":"2.0.9-hotfix.6"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.227655","refsource":"MISC","name":"https://vuldb.com/?id.227655"},{"url":"https://vuldb.com/?ctiid.227655","refsource":"MISC","name":"https://vuldb.com/?ctiid.227655"},{"url":"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS","refsource":"MISC","name":"https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"}]},"credits":[{"lang":"en","value":"leetmoon (VulDB User)"}],"impact":{"cvss":[{"version":"3.1","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseSeverity":"HIGH"},{"version":"3.0","baseScore":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseSeverity":"HIGH"},{"version":"2.0","baseScore":7.8,"vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}]}},"nvd":{"publishedDate":"2023-04-28 17:15:00","lastModifiedDate":"2023-11-07 04:12:00","problem_types":["CWE-404"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}