A heap overflow vulnerability, tracked as CVE-2023-31998, has been discovered in Ubiquiti EdgeRouter and AirCube devices, allowing for arbitrary code execution. The vulnerability resides in the MiniUPnPd service and can be exploited over a LAN connection, potentially interrupting UPnP service. Proof-of-concept code targeting the issue is available, and although the vulnerability has been patched in recent software updates, other products relying on MiniUPnPd may still be vulnerable. Users are advised to update their devices promptly.
Read more: https://www.securityweek.com/poc-exploit-published-for-recent-ubiquiti-edgerouter-vulnerability/