Name of the Vulnerable Software and Affected Versions:

Ruijie RG-ES series switch firmware versions ESW 1.0(1)B1P39

Description:

A vulnerability in the Ruijie RG-ES series switch firmware enables remote attackers to bypass authentication mechanisms, granting them unrestricted access to modify administrative settings and potentially take control of affected devices. This is achieved through a crafted HTTP POST request to the `/user.cgi` API endpoint.

Recommendations:

For Ruijie RG-ES series switch firmware version ESW 1.0(1)B1P39, restrict access to the `/user.cgi` endpoint.