Skip to main content

Rg Ew1200 Firmware CVE-2023-38902

HIGH
Command Injection (CWE-77)
2023-08-17 cve@mitre.org
Command Injection Rg Ew1200 Firmware Rg Ew1200G Pro Firmware Rg Ew1200R Firmware Rg Ew1300G Firmware Rg Ew1800Gx Pro Firmware Rg Ew3000Gx Pro Firmware Rg Ew300 Pro Firmware Rg Ew300R Firmware Rg Ew3200Gx Pro Firmware Rg Nb3200 24Gt4Xs Firmware Rg Nbs1850Gc Firmware Rg Nbs1850Gc V2 Firmware Rg Nbs2000 Firmware Rg Nbs2009G P Firmware Rg Nbs200 Firmware Rg Nbs2026G P Firmware Rg Nbs2026G Firmware Rg Nbs226F Firmware Rg Nbs228F Firmware Rg Nbs252F Firmware Rg Nbs3100 24Gt4Sfp P Firmware Rg Nbs3100 24Gt4Sfp P V2 Firmware Rg Nbs3100 24Gt4Sfp Firmware Rg Nbs3100 48Gt4Sfp Firmware Rg Nbs3100 8Gt2Sfp P Firmware Rg Nbs3100 8Gt2Sfp Firmware Rg Nbs3200 24Gt4Xs P Firmware Rg Nbs3200 24Sfp 8Gt4Xs Firmware Rg Nbs3200 48Gt4Xs P Firmware Rg Nbs3200 48Gt4Xs Firmware Rg Nbs5100 24Gt4Sfp Firmware Rg Nbs5100 48Gt4Sfp Firmware Rg Nbs5200 24Gt4X Firmware Rg Nbs5200 24Sfp 8Gt4Xs Firmware Rg Nbs5200 48Gt4Xs Firmware Rg Nbs5300 48Mg6Xs Firmware Rg Nbs5528Xg Firmware Rg Nbs5552Xg Firmware Rg Nbs5552Xg V2 0 Firmware Rg Nbs5628Xg Firmware Rg Nbs5652Xg Firmware Rg Nbs5710 24Gt4Sfp E P Firmware Rg Nbs5710 24Gt4Sfp E Firmware Rg Nbs5710 48Gt4Sfp E Firmware Rg Nbs5750 28Gt4Xs E Firmware Rg Nbs5750V2 24Gt4Xs E Firmware Rg Nbs5750V2 24Sfp4Xs E Firmware Rg Nbs5750V2 48Gt4Xs E Firmware Rg Nbs5816Xs Firmware Rg Nbs6002 Firmware Rg Nbs6100 20Xs4Vs2Qxs S Firmware Rg Nbs7003 Firmware Rg Nbs7006 Firmware Rg S1930 24Gt4Sfp Firmware Rg S1930 24T4Sfp P Firmware Rg S1930 24T4Sfp Firmware Rg S1930 8Gt2Sfp P Firmware Rg S1930 8Gt2Sfp Firmware Rg S1930 8T2Sfp P Firmware Rg Eg210G Pe Firmware Rg Eg210G E Firmware Rg Eg105G Pe Firmware Rg Eg105G E Firmware Rg Eg105G V2 Firmware Rg Eg210G P Firmware Rg Rap1260 G Firmware Rg Rap1200 E Firmware Rg Rap1200 F Firmware Rg Rap120V2 Firmware Rg Rap100 Firmware Rg Rap120 Firmware Rg Rap6260 G Firmware Rg Rap2260 E Firmware Rg Rap2260 G Firmware Rg Rap2200 G Firmware Rg Rap2200 E Firmware Rg Rap2200 F Firmware Rg Eap101 V2 Firmware Rg Eap102 V2 Firmware Rg Eap162 G Firmware Rg Eap102 F Firmware Rg Eap102 Firmware Rg Eap101 Firmware Rg Rap630Ioda Firmware Rg Rap630Cd Firmware Rg Rap6261 E Firmware Rg Rap6261 Cd Firmware Rg Eap262 G Firmware Rg Eap212 G Firmware Rg Eap212 F Firmware Rg Eap202 Firmware Rg Eap201 Firmware Rg Eap602 Firmware Rg Eap662 G Firmware Rg Nbc256 Firmware Rg Nbc512 Firmware
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 17, 2023 - 13:15 nvd
HIGH 8.8

DescriptionNVD

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

AnalysisAI

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field. Affected products include: Ruijie Rg-Ew1200 Firmware, Ruijie Rg-Ew1200G Pro Firmware, Ruijie Rg-Ew1200R Firmware, Ruijie Rg-Ew1300G Firmware, Ruijie Rg-Ew1800Gx Pro Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

Share

CVE-2023-38902 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy