CVE-2023-2374

Name of the Vulnerable Software and Affected Versions Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6

Description A critical issue has been found in the Web Management Interface component. The manipulation of the ecn-down argument leads to command injection. This issue can be exploited remotely.

Recommendations For Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6, consider disabling the Web Management Interface until a patch is available to prevent command injection attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the ecn-down argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.