CVE-2024-6184

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC version 1.0

Description A critical issue exists due to the lack of neutralization of special elements used in an operating system command. This allows a remote attacker to execute arbitrary commands through the servicename parameter. The issue is related to the file /view/systemConfig/reboot/reboot commit.php. The attack can be launched remotely.

Recommendations For Ruijie RG-UAC version 1.0, as a temporary workaround, consider restricting access to the /view/systemConfig/reboot/reboot commit.php file and avoid using the servicename parameter in this context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.