9.8

CVE-2024-4816

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RuijieRg-uac 6000-cc Firmware Version-
   RuijieRg-uac 6000-cc Version-
RuijieRg-uac 6000-e10 Firmware Version-
   RuijieRg-uac 6000-e10 Version-
RuijieRg-uac 6000-e10 Firmware Version-
   RuijieRg-uac 6000-e10 Version3.0
RuijieRg-uac 6000-e10c Firmware Version-
   RuijieRg-uac 6000-e10c Version-
RuijieRg-uac 6000-e20 Firmware Version-
   RuijieRg-uac 6000-e20 Version-
RuijieRg-uac 6000-e20c Firmware Version-
   RuijieRg-uac 6000-e20c Version-
RuijieRg-uac 6000-e20m Firmware Version-
   RuijieRg-uac 6000-e20m Version-
RuijieRg-uac 6000-e50 Firmware Version-
   RuijieRg-uac 6000-e50 Version-
RuijieRg-uac 6000-e50c Firmware Version-
   RuijieRg-uac 6000-e50c Version-
RuijieRg-uac 6000-e50m Firmware Version-
   RuijieRg-uac 6000-e50m Version-
RuijieRg-uac 6000-ea Firmware Version-
   RuijieRg-uac 6000-ea Version-
RuijieRg-uac 6000-ei Firmware Version-
   RuijieRg-uac 6000-ei Version-
RuijieRg-uac 6000-isg02 Firmware Version-
   RuijieRg-uac 6000-isg02 Version-
RuijieRg-uac 6000-isg10 Firmware Version-
   RuijieRg-uac 6000-isg10 Version-
RuijieRg-uac 6000-isg40 Firmware Version-
   RuijieRg-uac 6000-isg40 Version-
RuijieRg-uac 6000-si Firmware Version-
   RuijieRg-uac 6000-si Version-
RuijieRg-uac 6000-u3100 Firmware Version-
   RuijieRg-uac 6000-u3100 Version-
RuijieRg-uac 6000-u3210 Firmware Version-
   RuijieRg-uac 6000-u3210 Version-
RuijieRg-uac 6000-x100 Firmware Version-
   RuijieRg-uac 6000-x100 Version-
RuijieRg-uac 6000-x100s Firmware Version-
   RuijieRg-uac 6000-x100s Version-
RuijieRg-uac 6000-x20 Firmware Version-
   RuijieRg-uac 6000-x20 Version-
RuijieRg-uac 6000-x200 Firmware Version-
   RuijieRg-uac 6000-x200 Version-
RuijieRg-uac 6000-x20m Firmware Version-
   RuijieRg-uac 6000-x20m Version-
RuijieRg-uac 6000-x20me Firmware Version-
   RuijieRg-uac 6000-x20me Version-
RuijieRg-uac 6000-x300d Firmware Version-
   RuijieRg-uac 6000-x300d Version-
RuijieRg-uac 6000-x60 Firmware Version-
   RuijieRg-uac 6000-x60 Version-
RuijieRg-uac 6000-xs Firmware Version-
   RuijieRg-uac 6000-xs Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.82% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://vuldb.com/?ctiid.263937
VDB Entry
Permissions Required
https://vuldb.com/?id.263937
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.329953
Third Party Advisory
VDB Entry