CVE-2025-56111

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 (affected versions not specified)

Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the /usr/lib/lua/luci/controller/admin/netport.lua file, specifically targeting the network set wan conf function. The vulnerability is an OS Command Injection, meaning malicious code can be injected into the system through this request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.