CVE-2024-4506

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240428

Description A critical vulnerability has been found in Ruijie RG-UAC, affecting unknown code of the file /view/IPV6/ipv6Addr/ip addr edit commit.php. The manipulation of the argument text ip addr/orgprelen/orgname leads to os command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations As a temporary workaround, consider restricting access to the file /view/IPV6/ipv6Addr/ip addr edit commit.php until a patch is available. Avoid using the argument text ip addr/orgprelen/orgname in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.