CVE-2023-1456

Name of the Vulnerable Software and Affected Versions Ubiquiti EdgeRouter X version 2.0.9-hotfix.6

Description The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execute arbitrary commands. This can lead to command injection. The attack may be initiated remotely.

Recommendations For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the NAT Configuration Handler component until a patch is available. As a temporary workaround, restrict access to the NAT Configuration Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.