Vulnerability Description
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Usg Firmware | < 4.4.57 |
| Ui | Usg | - |
| Ui | Usg-Pro-4 Firmware | < 4.4.57 |
| Ui | Usg-Pro-4 | - |
| Ui | Er-10X Firmware | < 2.0.9 |
| Ui | Er-10X | - |
| Ui | Er-12 Firmware | < 2.0.9 |
| Ui | Er-12 | - |
| Ui | Er-12P Firmware | < 2.0.9 |
| Ui | Er-12P | - |
| Ui | Er-4 Firmware | < 2.0.9 |
| Ui | Er-4 | - |
| Ui | Er-6P Firmware | < 2.0.9 |
| Ui | Er-6P | - |
| Ui | Er-8-Xg Firmware | < 2.0.9 |
| Ui | Er-8-Xg | - |
| Ui | Er-X Firmware | < 2.0.9 |
| Ui | Er-X | - |
| Ui | Er-X-Sfp Firmware | < 2.0.9 |
| Ui | Er-X-Sfp | - |
References
- https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-71 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2023-23912?
CVE-2023-23912 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhc...
How severe is CVE-2023-23912?
CVE-2023-23912 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-23912?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Usg Firmware, Ui Usg, Ui Usg-Pro-4 Firmware, Ui Usg-Pro-4, Ui Er-10X Firmware.