N/A

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

在命令中使用的特殊元素转义处理不恰当(命令注入)

Ubiquiti EdgeRouter 命令注入漏洞

Ubiquiti EdgeRouter是美国优比快（Ubiquiti）公司的一个路由器。 Ubiquiti EdgeRouter X 2.0.9-hotfix.6版本存在安全漏洞，该漏洞源于对参数next-hop-interface的错误操作会导致命令注入。

N/A

N/A