Minh Khoa

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists, allowing for potential exploitation. The issue is related to the `setSessionTime` function in the "/cgi-bin/luci/api/common" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, as a temporary workaround, consider disabling the `setSessionTime` function until a patch is available. Restrict access to the "/cgi-bin/luci/api/common" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists, allowing for potential exploitation via the `switchFastDhcp` function in the "/cgi-bin/luci/api/diagnose" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, consider disabling the `switchFastDhcp` function as a temporary workaround until a patch is available. Restrict access to the "/cgi-bin/luci/api/diagnose" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists, allowing for potential code execution. The issue is related to the `doSwitchApi` function in the "/cgi-bin/luci/api/switch" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, as a temporary workaround, consider disabling the `doSwitchApi` function until a patch is available. Restrict access to the "/cgi-bin/luci/api/switch" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists, allowing for potential code execution. The issue is related to the `runPackDiagnose` function in the "/cgi-bin/luci/api/diagnose" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, as a temporary workaround, consider disabling the `runPackDiagnose` function until a patch is available. Restrict access to the "/cgi-bin/luci/api/diagnose" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists, allowing for potential exploitation via the `checkNet` function in the "/cgi-bin/luci/api/auth" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, as a temporary workaround, consider disabling the `checkNet` function until a patch is available. Restrict access to the "/cgi-bin/luci/api/auth" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruijie Networks Ruijie RG-EW Series Routers versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55 **Description** A Remote Code Execution (RCE) issue exists via the `updateVersion` function in the "/cgi-bin/luci/api/wireless" API endpoint. **Recommendations** For versions up to ReyeeOS 1.55.1915 / EW 3.0(1)B11P55, consider disabling the `updateVersion` function in the "/cgi-bin/luci/api/wireless" API endpoint as a temporary workaround until a patch is available.