Flegoity

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-RAP2200(E) version 247 2200 **Description** An issue exists in Ruijie RG-RAP2200(E) 247 2200 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the `module set` in the `/usr/local/lua/dev sta/nbr cwmp.lua` file. **Recommendations** Apply updates to address the issue in the `nbr cwmp.lua` file.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-EW1300G EW1300G versions 1.00 through 4.00 **Description** An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the `module get` function within the `/usr/local/lua/dev sta/networkConnect.lua` file. The vulnerability is triggered through a crafted POST request. **Recommendations** Versions 1.00 through 4.00 should be updated to a fixed version when available. As a temporary workaround, restrict access to the `module get` function within the `/usr/local/lua/dev sta/networkConnect.lua` file.

**Name of the Vulnerable Software and Affected Versions** Ruijie X60 PRO versions V1.00 through V2.00 **Description** An OS Command Injection issue exists in Ruijie X60 PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the `module set` function within the `/usr/local/lua/dev sta/nbr cwmp.lua` file. The vulnerability is triggered through a crafted POST request. **Recommendations** Update Ruijie X60 PRO to a version later than V2.00. As a temporary workaround, restrict access to the `module set` function within the `/usr/local/lua/dev sta/nbr cwmp.lua` file.

**Name of the Vulnerable Software and Affected Versions** Ruijie X60 PRO versions V1.00 through V2.00 **Description** An OS Command Injection issue exists in Ruijie X60 PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the `module set` function within the `/usr/local/lua/dev config/config retain.lua` file. The vulnerability allows for the execution of arbitrary commands. **Recommendations** Versions V1.00 through V2.00 should be updated to a newer, secure version when available. As a temporary workaround, restrict access to the `module set` function in `/usr/local/lua/dev config/config retain.lua` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-EW1800GX PRO B11P226 EW1800GX-PRO 10223117 **Description** An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the `module get` function within the `/usr/local/lua/dev sta/networkConnect.lua` file. The vulnerability is an OS Command Injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie X60 PRO versions V1.00 through V2.00 **Description** An issue exists in Ruijie X60 PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw present in the `module get` function within the `/usr/local/lua/dev sta/networkConnect.lua` file. Exploitation occurs through a crafted POST request. The `module get` function is vulnerable. **Recommendations** Update Ruijie X60 PRO to a version later than V2.00.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-BCR RG-BCR600W (affected versions not specified) **Description** An issue exists that allows attackers to execute arbitrary commands. This can be triggered by sending a specially crafted POST request to the `get wanobj` function within the file `/usr/lib/lua/luci/controller/admin/common.lua`. The issue is an OS Command Injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.