CVE-2024-4501

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240428

Description A critical issue affects the processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the tcpDump argument leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations As a temporary workaround, consider disabling access to the /view/bugSolve/captureData/commit.php file until a patch is available. Restrict the use of the tcpDump argument in the commit.php file to minimize the risk of exploitation. Limit access to the commit.php file in the meantime to reduce the risk of remote attack. Upgrade to a newer version as soon as possible and check logs for signs of exploit. At the moment, there is no information about a newer version that contains a fix for this vulnerability.