PT-2024-31390 · Ruijie · Ruijie Rg-Uac

H0E4A0R1T

Published

2024-05-05

Updated

2024-06-04

CVE-2024-4504

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240428

Description A critical issue has been found in Ruijie RG-UAC, affecting some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation of the peer ip/local ip argument leads to os command injection. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For Ruijie RG-UAC up to 20240428, as a temporary workaround, consider restricting access to the /view/HAconfig/baseConfig/commit.php file until a patch is available. Avoid using the peer ip and local ip arguments in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2024-4504

Affected Products

Ruijie Rg-Uac

PT-2024-31390 · Ruijie · Ruijie Rg-Uac

CVE-2024-4504

Weakness Enumeration

Related Identifiers

Affected Products

References · 9