CVE-2023-23912

Name of the Vulnerable Software and Affected Versions EdgeRouters versions 2.0.9-hotfix.5 and earlier UniFi Security Gateways (USG) versions 4.4.56 and earlier

Description A vulnerability allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution issue. This is related to incorrect management of code generation. The exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For EdgeRouters versions 2.0.9-hotfix.5 and earlier, consider disabling the DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful as a temporary workaround until a patch is available. For UniFi Security Gateways (USG) versions 4.4.56 and earlier, restrict access to the WAN interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.