CVE-2024-2642

Name of the Vulnerable Software and Affected Versions Ruijie RG-NBS2009G-P versions up to 20240305 Ruijie Reyee series RG-ES200 (affected versions not specified)

Description A critical vulnerability has been found, allowing for command injection through the manipulation of the Command1 argument in an unknown functionality of the file /EXCU SHELL. This can be exploited remotely. The issue is related to the failure to neutralize special elements used in the OS command, potentially allowing an attacker to execute arbitrary code.

Recommendations For Ruijie RG-NBS2009G-P versions up to 20240305, consider disabling the unknown functionality of the file /EXCU SHELL to prevent command injection until a patch is available. For Ruijie Reyee series RG-ES200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.