{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23912", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2025-03-24T19:02:10.197Z", "dateReserved": "2023-01-19T00:00:00.000Z", "datePublished": "2023-02-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-02-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability."}], "affected": [{"vendor": "n/a", "product": "Ubiquiti EdgeRouter(s) and USG(s)", "versions": [{"version": "EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later", "status": "affected"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)", "cweId": "CWE-75"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:27.060Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-24T19:01:41.360781Z", "id": "CVE-2023-23912", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T19:02:10.197Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:27.060Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-23912", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-24T19:01:41.360781Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T19:02:05.315Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Ubiquiti EdgeRouter(s) and USG(s)", "versions": [{"status": "affected", "version": "EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"}], "descriptions": [{"lang": "en", "value": "A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-75", "description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-02-09T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23912", "state": "PUBLISHED", "dateUpdated": "2025-03-24T19:02:10.197Z", "dateReserved": "2023-01-19T00:00:00.000Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2023-02-09T00:00:00.000Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:usg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "42EEFED0-A2A2-4331-A87A-A181742D0550", "versionEndExcluding": "4.4.57", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:usg:-:*:*:*:*:*:*:*", "matchCriteriaId": "59478336-F60A-4963-A3E3-89B04A119223", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:usg-pro-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7074B37B-FBD0-4484-96FA-15F51661CBD7", "versionEndExcluding": "4.4.57", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:usg-pro-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "D357AC52-6588-45F2-ACAC-165B4C97F464", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-10x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0443C2FC-354E-47A1-A73B-912DD16EA216", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-10x_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "91B1E29D-7EEA-42BE-BB73-2EDF0DF1D7B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "0C20F448-B93A-49CA-BB13-FBCB08BB9D4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "B0CC4F6A-660D-4EED-886D-63E8EA9723B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-10x_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "32E6424A-4E41-4DDA-A8FE-66C0DE007623", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-10x:-:*:*:*:*:*:*:*", "matchCriteriaId": "257D043B-BBD0-45D5-AEA4-32DC720F3C2B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FAD0529-AA21-48D4-86CC-663381C8C211", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "6E80E56E-A867-40F0-B5E7-B4B0CE4F912F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "12E1323D-1078-4501-A8FD-7DB263F2411E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "0D6756AB-F23F-4060-B38F-DBAA0BC8733B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "B10F7FBC-3274-4CB7-AA87-72C2B43DA457", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A7DEE4B-D49C-4D11-9AA8-3F422DDF8964", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-12p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80B96493-2E6D-4F9E-AD41-CD1AB46C0650", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12p_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "D99F46FE-6FA5-4995-B9AB-6DA45AC6AC84", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "AB366C51-77CB-4DA9-957B-873A814EFAD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "9015D609-89CF-4296-9E79-24E39F4C6AA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-12p_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "FA39BE0A-9BEA-4578-87E6-AD2402DBC101", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-12p:-:*:*:*:*:*:*:*", "matchCriteriaId": "510797FB-103E-43D3-843B-5330716A13F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA799FF3-1F2A-421D-AB8C-1078F82EA42C", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-4_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "E0E5186F-3777-4A48-B26C-B2E9ADDA5142", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "98E75674-504E-4F23-A326-C3257C3B8A2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "0D425830-846B-4DE1-A894-C5204B2FB38E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-4_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "A40D50F4-2207-4A04-B9A1-62B0E8A93C88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0DBDD16-1FDE-45FA-9A5C-44BCF44D70FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2A602FE-52D8-4532-B251-7B297D48DBC2", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-6p_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "4EB4D4A9-F899-4F48-BE36-DF0EF01D54F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "49C9FDF4-38A0-4F3F-A254-C23124E9C815", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "1DDE4F7A-0BB2-4160-845C-D98005B48616", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-6p_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "3C15499E-CEE1-4E40-8288-243FAE540B99", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9EA558B-7CF3-4CD0-8D73-A6BC646948C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "136672C3-79AD-4CBE-B4D1-22D5CCA49358", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "EE42C156-EAD4-4594-A45C-3445396D085F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "B9DFC719-7376-482C-8406-8F8B4903F3B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "C4B6811C-71A1-4E80-B4E1-146D6712FF06", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-8-xg_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "5D680162-9253-49E6-8907-EEE0EF59517B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBB1CDE7-F121-4D6A-A729-C6A1F27100E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability."}], "id": "CVE-2023-23912", "lastModified": "2025-03-24T19:15:41.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-09T20:15:11.740", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-75"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}