ByteOS Network

ruijie

Source -

NVDADP

BOS Name -

Ruijie Networks Co., Ltd.

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

57Vulnerabilities found

CVE-2023-38902

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-1.83% / 82.16%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 00:00

Updated-08 Oct, 2024 | 14:50

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Vendor-n/a Ruijie Networks Co., Ltd.

Product-rg-rap6260\(g\)rg-eap262\(g\)rg-nbc256_firmware rg-nbs5750-28gt4xs-e_firmware rg-nbs3200-24gt4xs-p rg-nbs2000 rg-nbs252f_firmware rg-nbs5710-24gt4sfp-e_firmware rg-s1930-8gt2sfp rg-nbs5200-24gt4x_firmware rg-rap120v2 rg-eap162\(g\)rg-nb3200-24gt4xs rg-eap102\(f\)rg-ew1800gx_pro rg-eg105g-pe_firmware rg-nbs5750v2-24gt4xs-e_firmware rg-ew1200r_firmware rg-ew1200g_pro_firmware rg-nbs5200-48gt4xs rg-nbs5628xg_firmware rg-eap662\(g\)rg-nbs5300-48mg6xs_firmware rg-rap630ioda rg-rap120_firmware rg-nbs5750v2-24sfp4xs-e_firmware rg-rap2200\(f\)rg-nbs3100-8gt2sfp rg-ew1200g_pro rg-rap2260\(e\)_firmware rg-eg210g-p_firmware rg-rap630cd rg-ew1300g rg-s1930-8gt2sfp-p_firmware rg-nbs2026g-p rg-nbs3100-8gt2sfp-p_firmware rg-eap212\(f\)_firmware rg-eap602 rg-eap262\(g\)_firmware rg-nbs5200-24sfp\/8gt4xs_firmware rg-nbs5300-48mg6xs rg-nbs2000_firmware rg-eap201 rg-s1930-24t4sfp_firmware rg-nbc256 rg-nbs1850gc_v2_firmware rg-s1930-24t4sfp-p rg-nbs1850gc_v2 rg-nbs5816xs rg-rap2260\(g\)_firmware rg-nbs252f rg-rap2200\(g\)rg-s1930-8gt2sfp_firmware rg-eg105g_v2_firmware rg-nbs5528xg rg-nbs5710-24gt4sfp-e-p rg-nbs5816xs_firmware rg-eap101_v2_firmware rg-ew300r_firmware rg-nbs3100-8gt2sfp_firmware rg-nbs3200-24gt4xs-p_firmware rg-nbs3100-24gt4sfp-p_v2 rg-nbs5100-48gt4sfp_firmware rg-nbs7003 rg-nbs5552xg_v2.0_firmware rg-rap630cd_firmware rg-nbs3200-48gt4xs-p rg-nbs5200-24sfp\/8gt4xs rg-nbs5652xg_firmware rg-nbs6002 rg-eap202 rg-nbs5750-28gt4xs-e rg-nbs5750v2-48gt4xs-e rg-rap1200\(f\)rg-eap602_firmware rg-ew3000gx_pro_firmware rg-nbs6100-20xs4vs2qxs-s rg-ew300_pro_firmware rg-ew1200_firmware rg-nbs5552xg rg-nbs3100-48gt4sfp rg-nbs6002_firmware rg-eap102_v2 rg-rap1200\(f\)_firmware rg-eap102\(f\)_firmware rg-eg105g-e_firmware rg-nbs228f rg-rap120 rg-ew3000gx_pro rg-nbs5552xg_firmware rg-eap101_v2 rg-nb3200-24gt4xs_firmware rg-nbs1850gc_firmware rg-nbs3100-8gt2sfp-p rg-nbs3200-48gt4xs rg-ew1800gx_pro_firmware rg-nbs226f_firmware rg-nbs5652xg rg-eg105g_v2 rg-rap630ioda_firmware rg-rap1260\(g\)_firmware rg-rap1200\(e\)_firmware rg-nbs6100-20xs4vs2qxs-s_firmware rg-nbs7006_firmware rg-nbs5710-48gt4sfp-e_firmware rg-s1930-24t4sfp-p_firmware rg-rap2200\(e\)rg-eap102_v2_firmware rg-nbs5100-24gt4sfp_firmware rg-nbs5200-48gt4xs_firmware rg-nbs5710-24gt4sfp-e-p_firmware rg-nbs226f rg-rap6261\(cd\)rg-nbs3200-24sfp\/8gt4xs rg-nbs3100-24gt4sfp_firmware rg-nbs3100-24gt4sfp rg-nbs2009g-p rg-eap162\(g\)_firmware rg-eg105g-pe rg-rap2260\(e\)rg-nbs2026g-p_firmware rg-nbs5750v2-24sfp4xs-e rg-eap202_firmware rg-nbs1850gc rg-nbs7003_firmware rg-nbs3200-24sfp\/8gt4xs_firmware rg-nbs5100-24gt4sfp rg-nbs7006 rg-eap662\(g\)_firmware rg-eap102_firmware rg-nbs5710-24gt4sfp-e rg-nbs3100-24gt4sfp-p_firmware rg-eap212\(g\)rg-ew3200gx_pro rg-rap100 rg-eap201_firmware rg-nbs3200-48gt4xs_firmware rg-nbs228f_firmware rg-rap2200\(e\)_firmware rg-rap6261\(e\)rg-nbs3100-48gt4sfp_firmware rg-nbs5552xg_v2.0 rg-ew300_pro rg-s1930-24gt4sfp_firmware rg-eg210g-e rg-s1930-24gt4sfp rg-eg210g-e_firmware rg-eg210g-p rg-nbs5200-24gt4x rg-s1930-8gt2sfp-p rg-nbs5710-48gt4sfp-e rg-ew300r rg-nbs3100-24gt4sfp-p_v2_firmware rg-nbs5528xg_firmware rg-eap101 rg-nbs2009g-p_firmware rg-nbs3200-48gt4xs-p_firmware rg-rap1260\(g\)rg-nbs2026g_firmware rg-eg210g-pe rg-rap100_firmware rg-eap102 rg-ew1200r rg-nbs5628xg rg-eap101_firmware rg-s1930-8t2sfp-p rg-s1930-8t2sfp-p_firmware rg-nbc512_firmware rg-s1930-24t4sfp rg-nbs5750v2-24gt4xs-e rg-eg210g-pe_firmware rg-nbs200_firmware rg-nbs5750v2-48gt4xs-e_firmware rg-rap6260\(g\)_firmware rg-ew1200 rg-rap1200\(e\)rg-eap212\(g\)_firmware rg-nbs3100-24gt4sfp-p rg-rap6261\(cd\)_firmware rg-rap120v2_firmware rg-rap6261\(e\)_firmware rg-nbs5100-48gt4sfp rg-rap2200\(f\)_firmware rg-eg105g-e rg-ew1300g_firmware rg-nbc512 rg-nbs2026g rg-rap2260\(g\)rg-nbs200 rg-eap212\(f\)rg-ew3200gx_pro_firmware rg-rap2200\(g\)_firmware n/a rg-ew_series_routers_and_repeaters rg-s1930 rg-eg rg-ew nbc_series_wireless_controllers

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-4169

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.3||MEDIUM

EPSS-90.96% / 99.62%

7 Day CHG~0.00%

Published-05 Aug, 2023 | 18:00

Updated-02 Aug, 2024 | 07:17

Ruijie RG-EW1200G Administrator Password set_passwd access control

A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Ruijie Networks Co., Ltd.

Product-rg-ew1200g_firmware rg-ew1200g RG-EW1200G

CWE ID-CWE-284

Improper Access Control

CVE-2023-34644

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-18.43% / 94.98%

7 Day CHG~0.00%

Published-31 Jul, 2023 | 00:00

Updated-22 Oct, 2024 | 18:34

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.

Vendor-n/a Ruijie Networks Co., Ltd.

Product-rg-eg2000ce rg-rap6260\(g\)rg-nbc256_firmware rg-nbs3200-24gt4xs-p rg-rap2266_firmware rg-s1930-8gt2sfp rg-nbs3200-24sfp_firmware rg-s1930-8t2sfp_firmware rg-eg3250_firmware rg-ew1200r_firmware rg-ew300 rg-eg3250 rg-rap1261_firmware rg-rap2200\(f\)rg-eg105g-p rg-eg105g rg-nbs3100-8gt2sfp rg-nbs3200-8gt4xs_firmware rg-eg3000xe_firmware rg-rap1200\(p\)_firmware rg-rap2260\(e\)_firmware rg-eg1000e_firmware rg-eg210g-p_firmware rg-s1930-8gt2sfp-p_firmware rg-eg1000c rg-eg1000c_firmware rg-nbs3100-8gt2sfp-p_firmware rg-eg3230_firmware rg-rap6262\(g\)rg-eg305gh-p-e rg-s1930-24t4sfp_firmware rg-nbc256 rg-eg3000eu rg-s1930-24t4sfp-p rg-eg3230 rg-rap6260\(h\)rg-nbs3200-24gt4xs_firmware rg-rap2260\(g\)_firmware rg-eg209gs_firmware rg-s1930-8gt2sfp_firmware rg-eg310gh-e rg-rap2260\(f\)rg-eg105g_firmware rg-rap73hd rg-eg2100-p rg-rap6262\(g\)_firmware rg-ew300r_firmware rg-nbs3100-8gt2sfp_firmware rg-nbs3200-24gt4xs-p_firmware rg-ew1200g rg-rap1260 rg-nbs3200-48gt4xs-p rg-ew1800gx_firmware rg-eg3000xe rg-nbs3100-48gt4sfp-p rg-rap1200\(f\)rg-ew1200_firmware rg-rap1200\(f\)_firmware rg-nbs3200-24sfp rg-eg105g-e_firmware rg-nbs3200-24gt4xs rg-rap2260\(f\)_firmware rg-nbs3100-8gt2sfp-p rg-eg105gw-x rg-nbs3200-48gt4xs rg-eg2000ce_firmware rg-s1930-24t4sfp-p_firmware re-eg1000m_firmware rg-rap2200\(e\)rg-rap6260\(h\)-d rg-eg305gh-p-e_firmware rg-eg310gh-e_firmware rg-ew1800gx re-eg1000m rg-nbs3100-24gt4sfp_firmware rg-nbs3100-24gt4sfp rg-eg105g-p_firmware rg-ew3200gx rg-rap2260\(e\)rg-eg105gw\(t\)rg-rap6202\(g\)rg-rap6202\(g\)_firmware rg-ew1200g_firmware rg-rap6260\(h\)-d_firmware rg-s1930-24gt4sfp-p_firmware rg-nbs3100-24gt4sfp-p_firmware rg-rap1261 rg-rap1260_firmware rg-nbs3200-48gt4xs_firmware rg-nbs3100-48gt4sfp-p_firmware rg-rap2200\(e\)_firmware rg-s1930-24gt4sfp-p rg-s1930-24gt4sfp_firmware rg-eg209gs rg-rap2266 rg-s1930-24gt4sfp rg-eg210g-p rg-s1930-8gt2sfp-p rg-ew300r rg-s1930-8t2sfp rg-rap6260\(h\)_firmware rg-nbs3200-48gt4xs-p_firmware rg-ew1200r rg-nbc512_firmware rg-ew300_firmware rg-s1930-8t2sfp-p rg-s1930-8t2sfp-p_firmware rg-s1930-24t4sfp rg-rap6262_firmware rg-rap1200\(p\)rg-ew3200gx_firmware rg-rap73hd_firmware rg-rap1201 rg-rap6260\(g\)_firmware rg-ew1200 rg-eg1000e rg-eg105gw\(t\)_firmware rg-rap2260_firmware rg-nbs3100-24gt4sfp-p rg-nbs3200-8gt4xs rg-eg3000eu_firmware rg-rap2260 rg-eg105gw-x_firmware rg-rap2200\(f\)_firmware rg-eg105g-e rg-rap1201_firmware rg-nbc512 rg-eg2100-p_firmware rg-rap2260\(g\)rg-rap6262 n/a rap rg-s1930 rg-eg350 eap nbc rg-ew1200

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2023-3450

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.7||MEDIUM

EPSS-59.50% / 98.17%

7 Day CHG~0.00%

Published-28 Jun, 2023 | 18:00

Updated-08 Nov, 2024 | 18:09

Ruijie RG-BCR860 Network Diagnostic Page os command injection

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Ruijie Networks Co., Ltd.

Product-rg-bcr860_firmware rg-bcr860 RG-BCR860 rg-bcr860_firmware

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-3306

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-7.3||HIGH

EPSS-53.70% / 97.90%

7 Day CHG~0.00%

Published-18 Jun, 2023 | 08:00

Updated-16 Dec, 2024 | 19:58

Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control

A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Ruijie Networks Co., Ltd.

Product-rg-ew1200g_firmware rg-ew1200g RG-EW1200G

CWE ID-CWE-284

Improper Access Control

CVE-2020-21627

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.33% / 55.61%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:06

Updated-04 Aug, 2024 | 14:30

Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.

Vendor-n/a Ruijie Networks Co., Ltd.

Product-rg-uac_firmware rg-uac n/a

CVE-2020-21639

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.16%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:06

Updated-04 Aug, 2024 | 14:30

Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Vendor-n/a Ruijie Networks Co., Ltd.

Product-rg-uac_6000-e50_firmware rg-uac_6000-e50 n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')