CVE-2023-23912

Name: CVE-2023-23912
Creator: NVD / NIST
Published: 2023-02-09T20:15:11.74+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.89%

Last modified Jun 17, 2026

CVE-2023-23912 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.. EPSS estimates a 0.89% chance of exploitation in the next 30 days.

Description

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.89%

54.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Ui	Usg Firmware	< 4.4.57
Ui	Usg-Pro-4 Firmware	< 4.4.57
Ui	Er-10x Firmware	< 2.0.9
Ui	Er-10x Firmware	2.0.9
Ui	Er-12 Firmware	< 2.0.9
Ui	Er-12 Firmware	2.0.9
Ui	Er-12p Firmware	< 2.0.9
Ui	Er-12p Firmware	2.0.9
Ui	Er-4 Firmware	< 2.0.9
Ui	Er-4 Firmware	2.0.9
Ui	Er-6p Firmware	< 2.0.9
Ui	Er-6p Firmware	2.0.9
Ui	Er-8-Xg Firmware	< 2.0.9
Ui	Er-8-Xg Firmware	2.0.9
Ui	Er-X Firmware	< 2.0.9
Ui	Er-X Firmware	2.0.9
Ui	Er-X-Sfp Firmware	< 2.0.9
Ui	Er-X-Sfp Firmware	2.0.9

References

https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5fExploit, Patch, Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5fExploit, Patch, Vendor Advisory

Timeline

Published: Feb 9, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-23912?

How severe is CVE-2023-23912?

CVE-2023-23912 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.89% probability of exploitation in the next 30 days.

How do I fix CVE-2023-23912?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-23912?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST