PT-2024-2500 · Ruijie · Ruijie Rg-Eg350
H0E4A0R1T · Published 2024-03-18 · Updated 2025-11-03 · CVE-2024-2909
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ruijie RG-EG350 versions prior to 20240319
Ruijie RG-EG series versions prior to 20240319
Description
A critical issue exists in the setAction function of the /itbox_pi/networksafe.php?a=set file within the HTTP POST Request Handler component. The manipulation of the bandwidth argument allows for operating system command injection. This allows a remote attacker to execute arbitrary commands on the system. The exploit is publicly available.
Recommendations
Ruijie RG-EG350 versions prior to 20240319: Update the firmware to version 20240319 or later.
Ruijie RG-EG series versions prior to 20240319: Update the firmware to version 20240319 or later.
Exploit
Fix
OS Command Injection
Affected Products
Ruijie Rg-Eg350