CVE-2025-56127

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR600W (affected versions not specified)

Description An issue exists that allows attackers to execute arbitrary commands. This can be triggered by sending a specially crafted POST request to the get wanobj function within the file /usr/lib/lua/luci/controller/admin/common.lua. The issue is an OS Command Injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.