Metrics
Affected Vendors & Products
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability. | A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities. |
| Title | Ubiquiti EdgeRouter X Web Management Interface command injection | Ubiquiti EdgeRouter X Web Management command injection |
| First Time appeared |
Ubiquiti
Ubiquiti edgerouter X |
|
| Weaknesses | CWE-74 | |
| CPEs | cpe:2.3:h:ubiquiti:edgerouter_x:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Ubiquiti
Ubiquiti edgerouter X |
|
| References |
| |
| Metrics |
cvssV2_0
|
cvssV4_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-09T13:53:09.733Z
Reserved: 2023-04-28T11:29:52.832Z
Link: CVE-2023-2374
No data.
Status : Modified
Published: 2023-04-28T15:15:10.847
Modified: 2026-06-17T05:52:24.730
Link: CVE-2023-2374
No data.
OpenCVE Enrichment
No data.