7.2
CVE-2024-5338
- EPSS 7.87%
- Veröffentlicht 25.05.2024 16:15:08
- Zuletzt bearbeitet 21.08.2025 18:07:10
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Ruijie RG-UAC online.php os command injection
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruijie ≫ Rg-uac 6000-cc Firmware Version-
Ruijie ≫ Rg-uac 6000-e10 Firmware Version-
Ruijie ≫ Rg-uac 6000-e10 Firmware Version-
Ruijie ≫ Rg-uac 6000-e10c Firmware Version-
Ruijie ≫ Rg-uac 6000-e20 Firmware Version-
Ruijie ≫ Rg-uac 6000-e20c Firmware Version-
Ruijie ≫ Rg-uac 6000-e20m Firmware Version-
Ruijie ≫ Rg-uac 6000-e50 Firmware Version-
Ruijie ≫ Rg-uac 6000-e50c Firmware Version-
Ruijie ≫ Rg-uac 6000-e50m Firmware Version-
Ruijie ≫ Rg-uac 6000-ea Firmware Version-
Ruijie ≫ Rg-uac 6000-ei Firmware Version-
Ruijie ≫ Rg-uac 6000-isg02 Firmware Version-
Ruijie ≫ Rg-uac 6000-isg10 Firmware Version-
Ruijie ≫ Rg-uac 6000-isg200 Firmware Version-
Ruijie ≫ Rg-uac 6000-isg40 Firmware Version-
Ruijie ≫ Rg-uac 6000-si Firmware Version-
Ruijie ≫ Rg-uac 6000-u3100 Firmware Version-
Ruijie ≫ Rg-uac 6000-u3210 Firmware Version-
Ruijie ≫ Rg-uac 6000-x100 Firmware Version-
Ruijie ≫ Rg-uac 6000-x100s Firmware Version-
Ruijie ≫ Rg-uac 6000-x20 Firmware Version-
Ruijie ≫ Rg-uac 6000-x200 Firmware Version-
Ruijie ≫ Rg-uac 6000-x20m Firmware Version-
Ruijie ≫ Rg-uac 6000-x20me Firmware Version-
Ruijie ≫ Rg-uac 6000-x300d Firmware Version-
Ruijie ≫ Rg-uac 6000-x60 Firmware Version-
Ruijie ≫ Rg-uac 6000-xs Firmware Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.87% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4.7 | 1.2 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.8 | 6.4 | 6.4 |
AV:N/AC:L/Au:M/C:P/I:P/A:P
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-autovpn%3Aonline.php.pdf
https://vuldb.com/?ctiid.266244
https://vuldb.com/?id.266244
https://vuldb.com/?submit.336036