PT-2024-34494 · Ruijie · Ruijie Nbr800G
Zty-1995
·
Published
2024-11-13
·
Updated
2024-11-25
·
CVE-2024-51027
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Ruijie NBR800G gateway version NBR RGOS 11.1(6)B4P9
Description:
The issue is a command execution vulnerability that occurs in the /itbox pi/networksafe.php endpoint via the
province parameter. This allows for potential command execution.Recommendations:
For version NBR RGOS 11.1(6)B4P9, consider disabling access to the /itbox pi/networksafe.php endpoint until a patch is available. Avoid using the
province parameter in the affected endpoint to minimize the risk of exploitation.Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruijie Nbr800G