CVE-2024-5340

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240516

Description A critical issue affects some unknown functionality of the file /view/vpn/autovpn/sub commit.php, allowing for os command injection through the manipulation of the key argument. This can be exploited remotely. The issue has been publicly disclosed and may be used by attackers.

Recommendations For Ruijie RG-UAC up to 20240516, as a temporary workaround, consider restricting access to the /view/vpn/autovpn/sub commit.php file until a patch is available. Avoid using the key argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.