PT-2023-3998 · Ubiquiti · Aircube+1

Published: 2023-05-01 · Updated: 2024-10-29 · CVE-2023-31998

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Ubiquiti EdgeRouter versions prior to 2.0.9-hotfix.7
Ubiquiti AirCube versions prior to 2.8.9

Description

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. The issue is related to the MiniUPnPd service in these devices, which can be exploited by an attacker on the local network to potentially execute arbitrary code. Although there are no signs of this vulnerability being used in real-world attacks, users are recommended to update their devices as soon as possible.

Recommendations

For Ubiquiti EdgeRouter versions prior to 2.0.9-hotfix.7, update to version 2.0.9-hotfix.7 or later.
For Ubiquiti AirCube versions prior to 2.8.9, update to version 2.8.9 or later.
As a temporary workaround, consider disabling the MiniUPnPd service until a patch is available.
Restrict access to the UPnP service to minimize the risk of exploitation.

Fix

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-04296
CVE-2023-31998

Affected Products

Aircube
Edgerouter X