PT-2024-3814 · Ruijie · Ruijie Rg-Uac

H0E4A0R1T

Published

2024-05-25

Updated

2024-06-04

CVE-2024-5338

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC up to 20240516

Description A critical issue has been found in the file /view/vpn/autovpn/online.php, where the manipulation of the peernode argument leads to os command injection. This allows an attacker to launch the attack remotely and execute arbitrary commands. The exploit has been disclosed to the public.

Recommendations For Ruijie RG-UAC up to 20240516, as a temporary workaround, consider restricting access to the /view/vpn/autovpn/online.php file to minimize the risk of exploitation. Avoid using the peernode argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2024-04190

CVE-2024-5338

Affected Products

Ruijie Rg-Uac

PT-2024-3814 · Ruijie · Ruijie Rg-Uac

CVE-2024-5338

Weakness Enumeration

Related Identifiers

Affected Products

References · 9