Skip to main content

Rg Ew1200R Firmware CVE-2023-34644

CRITICAL
Code Injection (CWE-94)
2023-07-31 cve@mitre.org
RCE Code Injection Rg Ew1200R Firmware Rg Ew300 Firmware Rg Ew3200Gx Firmware Rg Ew1200G Firmware Rg Ew1800Gx Firmware Rg Ew300R Firmware Rg Ew1200 Firmware Rg Eg3000Xe Firmware Rg Eg105G Firmware Rg Eg305Gh P E Firmware Rg Eg105G P Firmware Rg Eg3230 Firmware Rg Eg1000E Firmware Rg Eg105G E Firmware Rg Eg105Gw T Firmware Rg Eg105Gw X Firmware Rg Eg2000Ce Firmware Rg Eg2100 P Firmware Rg Eg209Gs Firmware Rg Eg310Gh E Firmware Rg Eg3000Eu Firmware Rg Eg210G P Firmware Rg Eg3250 Firmware Re Eg1000M Firmware Rg Eg1000C Firmware Rg Nbs3100 48Gt4Sfp P Firmware Rg Nbs3200 24Gt4Xs Firmware Rg Nbs3200 24Sfp Firmware Rg Nbs3200 8Gt4Xs Firmware Rg Nbs3200 24Gt4Xs P Firmware Rg Nbs3200 48Gt4Xs Firmware Rg Nbs3200 48Gt4Xs P Firmware Rg Nbs3100 24Gt4Sfp Firmware Rg Nbs3100 24Gt4Sfp P Firmware Rg Nbs3100 8Gt2Sfp Firmware Rg Nbs3100 8Gt2Sfp P Firmware Rg Rap1260 Firmware Rg Rap2266 Firmware Rg Rap1261 Firmware Rg Rap73Hd Firmware Rg Rap2200 E Firmware Rg Rap6260 H Firmware Rg Rap1200 P Firmware Rg Rap2260 E Firmware Rg Rap6262 G Firmware Rg Rap6262 Firmware Rg Rap2260 Firmware Rg Rap6202 G Firmware Rg Rap1201 Firmware Rg Rap1200 F Firmware Rg Rap2260 F Firmware Rg Rap2200 F Firmware Rg Rap6260 G Firmware Rg Rap2260 G Firmware Rg Rap6260 H D Firmware Rg Nbc256 Firmware Rg Nbc512 Firmware Rg S1930 24Gt4Sfp Firmware Rg S1930 24T4Sfp P Firmware Rg S1930 8Gt2Sfp Firmware Rg S1930 8Gt2Sfp P Firmware Rg S1930 8T2Sfp P Firmware Rg S1930 24T4Sfp Firmware Rg S1930 24Gt4Sfp P Firmware Rg S1930 8T2Sfp Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2023 - 14:15 nvd
CRITICAL 9.8

DescriptionNVD

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.

AnalysisAI

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. Affected products include: Ruijie Rg-Ew1200R Firmware, Ruijie Rg-Ew300 Firmware, Ruijie Rg-Ew3200Gx Firmware, Ruijie Rg-Ew1200G Firmware, Ruijie Rg-Ew1800Gx Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

Share

CVE-2023-34644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy