CVE-2023-7304

Name of the Vulnerable Software and Affected Versions Ruijie RG-UAC Application Management Gateway (affected versions not specified)

Description The Ruijie RG-UAC Application Management Gateway contains a command injection issue through the nmc sync.php interface. An unauthenticated attacker who can access the affected endpoint can inject shell commands via manipulated request data, potentially allowing the execution of arbitrary commands on the host system. Successful exploitation could grant full control of the application process and, depending on service privileges, may lead to system-level access. The Rondo botnet has been observed targeting this issue. The vulnerable endpoint is /nmc sync.php.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.