Description

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

INFO

Published Date :

2024-05-06T00:00:05.098Z

Last Modified :

2024-08-06T18:40:48.727Z

Source :

VulDB
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4508 vulnerability.

Vendors Products
Ruijie
  • Rg-uac
  • Rg-uac 6000-cc
  • Rg-uac 6000-cc Firmware
  • Rg-uac 6000-e10
  • Rg-uac 6000-e10 Firmware
  • Rg-uac 6000-e10c
  • Rg-uac 6000-e10c Firmware
  • Rg-uac 6000-e20
  • Rg-uac 6000-e20 Firmware
  • Rg-uac 6000-e20c
  • Rg-uac 6000-e20c Firmware
  • Rg-uac 6000-e20m
  • Rg-uac 6000-e20m Firmware
  • Rg-uac 6000-e50
  • Rg-uac 6000-e50 Firmware
  • Rg-uac 6000-e50c
  • Rg-uac 6000-e50c Firmware
  • Rg-uac 6000-e50m
  • Rg-uac 6000-e50m Firmware
  • Rg-uac 6000-ea
  • Rg-uac 6000-ea Firmware
  • Rg-uac 6000-ei
  • Rg-uac 6000-ei Firmware
  • Rg-uac 6000-isg02
  • Rg-uac 6000-isg02 Firmware
  • Rg-uac 6000-isg10
  • Rg-uac 6000-isg10 Firmware
  • Rg-uac 6000-isg200
  • Rg-uac 6000-isg200 Firmware
  • Rg-uac 6000-isg40
  • Rg-uac 6000-isg40 Firmware
  • Rg-uac 6000-si
  • Rg-uac 6000-si Firmware
  • Rg-uac 6000-u3100
  • Rg-uac 6000-u3100 Firmware
  • Rg-uac 6000-u3210
  • Rg-uac 6000-u3210 Firmware
  • Rg-uac 6000-x100
  • Rg-uac 6000-x100 Firmware
  • Rg-uac 6000-x100s
  • Rg-uac 6000-x100s Firmware
  • Rg-uac 6000-x20
  • Rg-uac 6000-x200
  • Rg-uac 6000-x200 Firmware
  • Rg-uac 6000-x20 Firmware
  • Rg-uac 6000-x20m
  • Rg-uac 6000-x20m Firmware
  • Rg-uac 6000-x20me
  • Rg-uac 6000-x20me Firmware
  • Rg-uac 6000-x300d
  • Rg-uac 6000-x300d Firmware
  • Rg-uac 6000-x60
  • Rg-uac 6000-x60 Firmware
  • Rg-uac 6000-xs
  • Rg-uac 6000-xs Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4508.

URL Resource
https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-static_route_edit_ipv6.php.pdf cve-icon cve-icon cve-icon
https://vuldb.com/?ctiid.263112 cve-icon cve-icon cve-icon
https://vuldb.com/?id.263112 cve-icon cve-icon cve-icon
https://vuldb.com/?submit.323818 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Access Vector
Access Complexity
Authentication
Confidentiality Impact
Integrity Impact
Availability Impact