CVE-2024-4255

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC versions up to 20240419

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands by manipulating the name argument, leading to os command injection. The attack may be initiated remotely.

Recommendations For versions up to 20240419, as a temporary workaround, consider restricting access to the /view/network Config/GRE/gre edit commit.php file until a patch is available. Avoid using the name argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.