T1Nk3Rl94E

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-EW1200G version 07161417 r483 **Description** A critical issue affects some unknown functionality of the `/api/sys/login` API endpoint, leading to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For Ruijie RG-EW1200G version 07161417 r483, as a temporary workaround, consider restricting access to the `/api/sys/login` API endpoint until a patch is available. Avoid using this endpoint for authentication purposes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-EW1200G version 1.0(1)B1P5 **Description** A critical issue has been found in the Administrator Password Handler component, specifically affecting an unknown functionality of the file "/api/sys/set passwd". This leads to improper access controls, allowing remote attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For Ruijie RG-EW1200G version 1.0(1)B1P5, as a temporary workaround, consider restricting access to the "/api/sys/set passwd" API endpoint until a patch is available. Additionally, limiting the use of the Administrator Password Handler component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** jeecg-boot version 3.5.0 **Description** A critical issue affects some unknown processing of the component API Documentation, leading to improper authentication because the software does not properly prove or insufficiently proves that an identity claim is correct when an actor claims to have a given identity. The attack may be initiated remotely. **Recommendations** For jeecg-boot version 3.5.0, consider disabling the API Documentation component until a patch is available to prevent improper authentication. Restrict access to the API to minimize the risk of exploitation. Avoid using the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.