Experts Released PoC exploit for Ubiquiti EdgeRouter Flaw

Cyber Security Threat Summary:
A proof-of-concept (PoC) exploit for CVE-2023-31998 in the Ubiquiti EdgeRouter has been publicly released. CVE-2023-31998 (CVSS v3 5.9) is a heap overflow affecting Ubiquiti EdgeRouters and AirCubes. An attacker can exploit it to potentially execute arbitrary code and interrupt the UPnP service on a vulnerable device. The flaw resides in the miniupnpd service and can be exploited by an attacker on the LAN. The vulnerability affects EdgeRouter versions 2.0.9-hotfix.6 and earlier and AirCube firmware version 2.8.8 and earlier. Vulnerability reporting firm SSD Secure Disclosure published technical details for the now-patched vulnerability. Its experts developed a proof of concept that was successfully tested against another Ubiquiti device, the EdgeRouter-X, whose latest firmware suffers from the same vulnerability.

Security Officer Comments:
If specific requirements are met, an attacker can exploit the vulnerability by sending a specially crafted packet to the miniupnpd service. The packet causes the miniupnpd service to overflow its heap memory, which could allow the attacker to execute arbitrary code on the vulnerable device. The researchers who discovered the vulnerability warn that vulnerable versions of the MiniUPnPd service may have been shipped with other networking devices. Other devices, such as home gateways or 5G dongles, may therefore be vulnerable to this attack.

The researchers also point out that the vulnerability has been fixed in commit a77d1ff9, but the fix was not published as a security vulnerability. As a result, those responsible for other devices that still use the vulnerable version of MiniUPnPd may not be aware of the vulnerability and may not have taken steps to mitigate it.

Overall, the CVE-2023-31998 vulnerability is a serious security issue that could allow attackers to take control of vulnerable devices. Users of affected devices are advised to update their firmware as soon as possible to mitigate the risk of attack.

Suggested Correction(s):
Ubiquiti addressed the issue with the release of software version 2.0.9-hotfix.7 or later for EdgeRouters and software version 2.8.9 or later for AirCubes. The company pointed out that it is not aware of attacks in the wild exploiting this vulnerability.
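
To find devices that still need the update, the following added example (not part of the original summary and not Ubiquiti tooling) compares inventoried firmware versions against the fixed releases named above. The `host,product,version` inventory format, the product labels, the host names, and the tolerance for a leading `v` or trailing build fields are assumptions made for illustration.

```python
import re

# First patched release per product, as stated in this summary.
FIXED = {
    "edgerouter": (2, 0, 9, 7),  # 2.0.9-hotfix.7
    "aircube": (2, 8, 9, 0),     # 2.8.9
}

# major.minor.patch, optional "-hotfix.N", then any trailing text.
# Assumption: a leading "v" and dot-separated build fields may be present.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-hotfix\.(\d+))?(.*)$")


def triage(product, version):
    """Classify one device as 'vulnerable', 'patched' or 'unknown'."""
    fixed = FIXED.get(product.strip().lower())
    match = _VERSION.match(version.strip())
    if fixed is None or match is None or match.group(5).startswith("-"):
        # Product not covered here, or a suffix (e.g. -beta) we cannot order.
        # Such devices may still embed miniupnpd and need manual review.
        return "unknown"
    # A base release sorts before its hotfixes, so a missing hotfix counts as 0.
    found = tuple(int(g or 0) for g in match.groups()[:4])
    return "vulnerable" if found < fixed else "patched"


def scan(inventory):
    """Return {host: status} for 'host,product,version' lines."""
    results = {}
    for line in inventory.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        results[host] = triage(product, version)
    return results


# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE = """
er-branch-01,EdgeRouter,v2.0.9-hotfix.6
er-branch-02,EdgeRouter,2.0.9-hotfix.7
er-lab-01,EdgeRouter,2.0.9
ac-lobby-01,AirCube,2.8.8
ac-lobby-02,AirCube,2.8.9
gw-home-01,OtherGateway,1.4.2
"""

if __name__ == "__main__":
    for host, status in scan(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` are not cleared: as noted above, other products may ship a vulnerable MiniUPnPd and need to be checked with their own vendor.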

Link(s):
https://securityaffairs.com/148334/hacking/ubiquiti-edgerouter-flaw.html