CVE-2024-4508

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240428

Description A critical issue has been found, allowing for OS command injection through the manipulation of the oldipmask, oldgateway, and olddevname arguments in an unknown function of the file /view/IPV6/ipv6StaticRoute/static route edit ipv6.php. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.

Recommendations Update Ruijie RG-UAC to a version later than 20240428. As a temporary workaround, consider restricting access to the /view/IPV6/ipv6StaticRoute/static route edit ipv6.php file until a patch is available. Avoid using the oldipmask, oldgateway, and olddevname arguments in the affected file until the issue is resolved.