PT-2025-35817 · Ruijie · Rg-Es Series
Tal Hershberg · Published 2025-09-03 · Updated 2025-09-09 · CVE-2025-56752
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Ruijie RG-ES series switch firmware version ESW 1.0(1)B1P39
Description
A vulnerability in the Ruijie RG-ES series switch firmware enables remote attackers to bypass authentication mechanisms, granting them unrestricted access to modify administrative settings and potentially take control of affected devices. This is achieved through a crafted HTTP POST request to the /user.cgi endpoint.
Recommendations
Ruijie RG-ES series switch firmware version ESW 1.0(1)B1P39: Upgrade the firmware to a version that addresses this authentication bypass issue. As a temporary workaround, restrict access to the /user.cgi endpoint.
Exploit
Fix
LPE
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Rg-Es Series
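To check whether the temporary workaround from the Recommendations is holding, the following added example (not part of the original advisory or any Ruijie tooling) flags POST requests to /user.cgi that come from outside a management allowlist. It assumes an HTTP-aware proxy or firewall in front of the switch writes Common Log Format lines; the subnet, addresses and log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: admin workstations sit in this subnet (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/28")]

# Common Log Format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalise_path(target):
    """Drop the query, percent-decode, collapse slashes, lower-case.
    Over-matches on purpose so spelling variants of the path are not missed."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def is_management(src, nets=MGMT_NETS):
    """True only if src parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage: treat as untrusted
    return any(addr in net for net in nets)

def suspicious_posts(lines, nets=MGMT_NETS):
    """Return (src, timestamp, status) for POSTs to /user.cgi from outside nets."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalise_path(m["target"]) != "/user.cgi":
            continue
        if not is_management(m["src"], nets):
            hits.append((m["src"], m["ts"], m["status"]))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '10.20.30.5 - - [03/Sep/2025:10:00:01 +0000] "POST /user.cgi HTTP/1.1" 200 312',
    '198.51.100.7 - - [03/Sep/2025:10:02:44 +0000] "POST /user.cgi HTTP/1.1" 200 312',
    '198.51.100.7 - - [03/Sep/2025:10:02:50 +0000] "GET /index.htm HTTP/1.1" 200 1042',
    '192.0.2.9 - - [03/Sep/2025:10:05:12 +0000] "POST //User.cgi?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(*suspicious_posts(SAMPLE), sep="\n")
```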