CVE-2024-4507

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240428

Description A critical issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static route add ipv6.php. The manipulation of the arguments text prefixlen, text gateway, and devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Ruijie RG-UAC up to 20240428, as a temporary workaround, consider restricting access to the file /view/IPV6/ipv6StaticRoute/static route add ipv6.php until a patch is available. Avoid using the arguments text prefixlen, text gateway, and devname in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.