CVE-2024-4509
06.05.2024, 01:15
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
| Vendor | Product | Version |
|---|---|---|
| ruijie | rg-uac_6000-cc_firmware | - |
| ruijie | rg-uac_6000-e10_firmware | - |
| ruijie | rg-uac_6000-e10_firmware | - |
| ruijie | rg-uac_6000-e10c_firmware | - |
| ruijie | rg-uac_6000-e20_firmware | - |
| ruijie | rg-uac_6000-e20c_firmware | - |
| ruijie | rg-uac_6000-e20m_firmware | - |
| ruijie | rg-uac_6000-e50_firmware | - |
| ruijie | rg-uac_6000-e50c_firmware | - |
| ruijie | rg-uac_6000-e50m_firmware | - |
| ruijie | rg-uac_6000-ea_firmware | - |
| ruijie | rg-uac_6000-ei_firmware | - |
| ruijie | rg-uac_6000-isg02_firmware | - |
| ruijie | rg-uac_6000-isg10_firmware | - |
| ruijie | rg-uac_6000-isg200_firmware | - |
| ruijie | rg-uac_6000-isg40_firmware | - |
| ruijie | rg-uac_6000-si_firmware | - |
| ruijie | rg-uac_6000-u3100_firmware | - |
| ruijie | rg-uac_6000-u3210_firmware | - |
| ruijie | rg-uac_6000-x100_firmware | - |
| ruijie | rg-uac_6000-x100s_firmware | - |
| ruijie | rg-uac_6000-x20_firmware | - |
| ruijie | rg-uac_6000-x200_firmware | - |
| ruijie | rg-uac_6000-x20m_firmware | - |
| ruijie | rg-uac_6000-x20me_firmware | - |
| ruijie | rg-uac_6000-x300d_firmware | - |
| ruijie | rg-uac_6000-x60_firmware | - |
| ruijie | rg-uac_6000-xs_firmware | - |
𝑥
= Vulnerable software versions
References