CVE-2023-1457

Name of the Vulnerable Software and Affected Versions Ubiquiti EdgeRouter X version 2.0.9-hotfix.6

Description The issue exists due to insufficient input validation in the Static Routing Configuration Handler component of the Ubiquiti EdgeRouter microprogram. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. The manipulation of the next-hop-interface argument leads to command injection. It is possible to launch the attack remotely.

Recommendations For Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, consider disabling the Static Routing Configuration Handler component until a patch is available. Restrict access to the next-hop-interface argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.