CVE-2023-38902

17.08.2023, 13:15

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
ruijie	rg-ew1200_firmware	3.0\(1\)b11p219
ruijie	rg-ew1200g_pro_firmware	3.0\(1\)b11p219
ruijie	rg-ew1200r_firmware	3.0\(1\)b11p219
ruijie	rg-ew1300g_firmware	3.0\(1\)b11p219
ruijie	rg-ew1800gx_pro_firmware	3.0\(1\)b11p219
ruijie	rg-ew3000gx_pro_firmware	3.0\(1\)b11p219
ruijie	rg-ew300_pro_firmware	3.0\(1\)b11p219
ruijie	rg-ew300r_firmware	3.0\(1\)b11p219
ruijie	rg-ew3200gx_pro_firmware	3.0\(1\)b11p219
ruijie	rg-nb3200-24gt4xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs1850gc_firmware	3.0\(1\)b11p219
ruijie	rg-nbs1850gc_v2_firmware	3.0\(1\)b11p219
ruijie	rg-nbs2000_firmware	3.0\(1\)b11p219
ruijie	rg-nbs2009g-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs200_firmware	3.0\(1\)b11p219
ruijie	rg-nbs2026g-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs2026g_firmware	3.0\(1\)b11p219
ruijie	rg-nbs226f_firmware	3.0\(1\)b11p219
ruijie	rg-nbs228f_firmware	3.0\(1\)b11p219
ruijie	rg-nbs252f_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-24gt4sfp-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-24gt4sfp-p_v2_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-24gt4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-48gt4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-8gt2sfp-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3100-8gt2sfp_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3200-24gt4xs-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3200-24sfp\/8gt4xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3200-48gt4xs-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs3200-48gt4xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5100-24gt4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5100-48gt4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5200-24gt4x_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5200-24sfp\/8gt4xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5200-48gt4xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5300-48mg6xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5528xg_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5552xg_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5552xg_v2.0_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5628xg_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5652xg_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5710-24gt4sfp-e-p_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5710-24gt4sfp-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5710-48gt4sfp-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5750-28gt4xs-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5750v2-24gt4xs-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5750v2-24sfp4xs-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5750v2-48gt4xs-e_firmware	3.0\(1\)b11p219
ruijie	rg-nbs5816xs_firmware	3.0\(1\)b11p219
ruijie	rg-nbs6002_firmware	3.0\(1\)b11p219
ruijie	rg-nbs6100-20xs4vs2qxs-s_firmware	3.0\(1\)b11p219
ruijie	rg-nbs7003_firmware	3.0\(1\)b11p219
ruijie	rg-nbs7006_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-24gt4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-24t4sfp-p_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-24t4sfp_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-8gt2sfp-p_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-8gt2sfp_firmware	3.0\(1\)b11p219
ruijie	rg-s1930-8t2sfp-p_firmware	3.0\(1\)b11p219
ruijie	rg-eg210g-pe_firmware	3.0\(1\)b11p219
ruijie	rg-eg210g-e_firmware	3.0\(1\)b11p219
ruijie	rg-eg105g-pe_firmware	3.0\(1\)b11p219
ruijie	rg-eg105g-e_firmware	3.0\(1\)b11p219
ruijie	rg-eg105g_v2_firmware	3.0\(1\)b11p219
ruijie	rg-eg210g-p_firmware	3.0\(1\)b11p219
ruijie	rg-rap1260\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap1200\(e\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap1200\(f\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap120v2_firmware	3.0\(1\)b11p219
ruijie	rg-rap100_firmware	3.0\(1\)b11p219
ruijie	rg-rap120_firmware	3.0\(1\)b11p219
ruijie	rg-rap6260\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap2260\(e\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap2260\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap2200\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap2200\(e\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap2200\(f\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap101_v2_firmware	3.0\(1\)b11p219
ruijie	rg-eap102_v2_firmware	3.0\(1\)b11p219
ruijie	rg-eap162\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap102\(f\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap102_firmware	3.0\(1\)b11p219
ruijie	rg-eap101_firmware	3.0\(1\)b11p219
ruijie	rg-rap630ioda_firmware	3.0\(1\)b11p219
ruijie	rg-rap630cd_firmware	3.0\(1\)b11p219
ruijie	rg-rap6261\(e\)_firmware	3.0\(1\)b11p219
ruijie	rg-rap6261\(cd\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap262\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap212\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap212\(f\)_firmware	3.0\(1\)b11p219
ruijie	rg-eap202_firmware	3.0\(1\)b11p219
ruijie	rg-eap201_firmware	3.0\(1\)b11p219
ruijie	rg-eap602_firmware	3.0\(1\)b11p219
ruijie	rg-eap662\(g\)_firmware	3.0\(1\)b11p219
ruijie	rg-nbc256_firmware	3.0\(1\)b11p219
ruijie	rg-nbc512_firmware	3.0\(1\)b11p219

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37