CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 4CVE-2023-3450 – Ruijie RG-BCR860 Network Diagnostic Page os command injection
https://notcve.org/view.php?id=CVE-2023-3450
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yuanjinyuyuyu/CVE-2023-3450 https://github.com/caopengyan/CVE-2023-3450 https://github.com/inviewp/CVE-2023-3450 https://github.com/RCEraser/cve/blob/main/RG-BCR860.md https://vuldb.com/?ctiid.232547 https://vuldb.com/?id.232547 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3306 – Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control
https://notcve.org/view.php?id=CVE-2023-3306
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. • https://github.com/RCEraser/cve/blob/main/RG-EW1200G.md https://vuldb.com/?ctiid.231802 https://vuldb.com/?id.231802 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-21627
https://notcve.org/view.php?id=CVE-2020-21627
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. Se ha detectado que el commit 9071227 de Ruijie RG-UAC contiene una vulnerabilidad en el componente /current_action.php?action=reboot, que permite a los atacantes causar una denegación de servicio (DoS) por medio de vectores no especificados • https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-21639
https://notcve.org/view.php?id=CVE-2020-21639
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Se ha detectado que el commit 9071227 de Ruijie RG-UAC 6000-E50 contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro rule_name. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada • https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •