cve/2023/CVE-2023-2374.md

### [CVE-2023-2374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2374)
![](https://img.shields.io/static/v1?label=Product&message=EdgeRouter%20X&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.9-hotfix.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)

### Description

A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.

### POC

#### Reference
- https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6
- https://vuldb.com/?id.227650

#### Github
No PoCs found on GitHub currently.