CVE-2024-5337

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC versions up to 20240516

Description A critical issue affects the processing of the file /view/systemConfig/sys user/user commit.php, allowing for os command injection through the manipulation of the email2/user name argument. This can be exploited remotely. The issue has been publicly disclosed and may be used by attackers.

Recommendations For Ruijie RG-UAC versions up to 20240516, as a temporary workaround, consider restricting access to the /view/systemConfig/sys user/user commit.php file and avoid using the email2/user name argument in this context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.