PT-2024-4403 · Ruijie · Ruijie Rg-Uac

Chazzhou · Published 2024-06-23 · Updated 2025-08-21 · CVE-2024-6269

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ruijie RG-UAC version 1.0

Description

The issue exists due to insufficient input validation in the get_ip.addr_details function of the /view/vpn/autovpn/sxh_vpnlic.php file. This allows a remote attacker to execute arbitrary commands by manipulating the indevice argument, leading to command injection. The attack can be initiated remotely.

Recommendations

For Ruijie RG-UAC version 1.0, consider disabling the get_ip.addr_details function until a patch is available. Restrict access to the /view/vpn/autovpn/sxh_vpnlic.php file to minimize the risk of exploitation. Avoid using the indevice argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-04902
CVE-2024-6269

Affected Products

Ruijie Rg-Uac