CVSS: 10.0EPSS: 0%CPEs: 130EXPL: 0CVE-2023-34644
https://notcve.org/view.php?id=CVE-2023-34644
31 Jul 2023 — Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. • https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 4CVE-2023-3450 – Ruijie RG-BCR860 Network Diagnostic Page os command injection
https://notcve.org/view.php?id=CVE-2023-3450
28 Jun 2023 — A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yuanjinyuyuyu/CVE-2023-3450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3306 – Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control
https://notcve.org/view.php?id=CVE-2023-3306
18 Jun 2023 — A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. • https://github.com/RCEraser/cve/blob/main/RG-EW1200G.md • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-21627
https://notcve.org/view.php?id=CVE-2020-21627
16 Nov 2021 — Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. Se ha detectado que el commit 9071227 de Ruijie RG-UAC contiene una vulnerabilidad en el componente /current_action.php?action=reboot, que permite a los atacantes causar una denegación de servicio (DoS) por medio de vectores no especificados • https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-21639
https://notcve.org/view.php?id=CVE-2020-21639
16 Nov 2021 — Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Se ha detectado que el commit 9071227 de Ruijie RG-UAC 6000-E50 contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro rule_name. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseña... • https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •