CVE-2023-4169

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1200G version 1.0(1)B1P5

Description A critical issue has been found in the Administrator Password Handler component, specifically affecting an unknown functionality of the file "/api/sys/set passwd". This leads to improper access controls, allowing remote attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For Ruijie RG-EW1200G version 1.0(1)B1P5, as a temporary workaround, consider restricting access to the "/api/sys/set passwd" API endpoint until a patch is available. Additionally, limiting the use of the Administrator Password Handler component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.