PT-2025-38672 · Ruijie · Ruijie 6000-E10

Maximdevere

Publicado

2025-09-22

Atualizado

2025-09-24

CVE-2025-10774

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ruijie 6000-E10 versions through 2.4.3.6-20171117

Description A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub commit.php. Manipulation of the key argument can lead to operating system command injection. The attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions through 2.4.3.6-20171117 should be updated. As a temporary workaround, restrict access to the file /view/vpn/autovpn/sub commit.php to minimize the risk of exploitation. Avoid using the key parameter in the affected file until the issue is resolved.

Exploit

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

CVE-2025-10774

Produtos afetados

Ruijie 6000-E10

PT-2025-38672 · Ruijie · Ruijie 6000-E10

CVE-2025-10774

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8