Description

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.

INFO

Published Date :

2025-10-15T01:22:10.130Z

Last Modified :

2025-10-15T19:27:48.642Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2023-7304 vulnerability.

Vendors Products
Ruijie
  • Rg-uac
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-7304.

URL Resource
https://cn-sec.com/archives/2284248.html cve-icon cve-icon
https://www.vulncheck.com/advisories/ruijie-rg-uac-nmc-sync-php-command-injection cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability