CVE-2023-2378

Name of the Vulnerable Software and Affected Versions Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6

Description A critical issue affects some unknown functionality of the Web Management Interface component. The manipulation of the suffix-rate-up argument leads to command injection. The attack can be launched remotely.

Recommendations For versions up to 2.0.9-hotfix.6, as a temporary workaround, consider restricting access to the Web Management Interface to minimize the risk of exploitation. Avoid using the suffix-rate-up argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.