PT-2024-2959 · Ruijie · Ruijie Rg-Nbr700Gw

Published: 2024-03-29 · Updated: 2025-06-30 · CVE-2024-28288

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ruijie RG-NBR700GW version 10.3(4b12)

Description

The issue is related to a lack of cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can exploit this to log in to the device and disrupt enterprise business. The vulnerability is associated with deficiencies in the password recovery mechanism, allowing a remote attacker to reset or change passwords without knowing the original password.

Recommendations

For Ruijie RG-NBR700GW version 10.3(4b12), consider disabling the password reset feature until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of unauthorized login and business disruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2024-03126
CVE-2024-28288

Affected Products

Ruijie Rg-Nbr700Gw