Ruijie · Rg-Es Series · CVE-2025-56752
**Name of the Vulnerable Software and Affected Versions**
Ruijie RG-ES series switch firmware version ESW 1.0(1)B1P39
**Description**
A vulnerability in the Ruijie RG-ES series switch firmware enables remote attackers to bypass authentication mechanisms, granting them unrestricted access to modify administrative settings and potentially take control of affected devices. This is achieved through a crafted HTTP POST request to the `/user.cgi` endpoint.
**Recommendations**
Ruijie RG-ES series switch firmware version ESW 1.0(1)B1P39: Upgrade the firmware to a version that addresses this authentication bypass issue. As a temporary workaround, restrict access to the `/user.cgi` endpoint.