Description

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

INFO

Published Date :

2024-05-13T10:00:05.023Z

Last Modified :

2024-08-01T20:55:10.301Z

Source :

VulDB
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4813 vulnerability.

Vendors Products
Ruijie
  • Rg-uac
  • Rg-uac 6000-cc
  • Rg-uac 6000-cc Firmware
  • Rg-uac 6000-e10
  • Rg-uac 6000-e10 Firmware
  • Rg-uac 6000-e10c
  • Rg-uac 6000-e10c Firmware
  • Rg-uac 6000-e20
  • Rg-uac 6000-e20 Firmware
  • Rg-uac 6000-e20c
  • Rg-uac 6000-e20c Firmware
  • Rg-uac 6000-e20m
  • Rg-uac 6000-e20m Firmware
  • Rg-uac 6000-e50
  • Rg-uac 6000-e50 Firmware
  • Rg-uac 6000-e50c
  • Rg-uac 6000-e50c Firmware
  • Rg-uac 6000-e50m
  • Rg-uac 6000-e50m Firmware
  • Rg-uac 6000-ea
  • Rg-uac 6000-ea Firmware
  • Rg-uac 6000-ei
  • Rg-uac 6000-ei Firmware
  • Rg-uac 6000-isg02
  • Rg-uac 6000-isg02 Firmware
  • Rg-uac 6000-isg10
  • Rg-uac 6000-isg10 Firmware
  • Rg-uac 6000-isg200
  • Rg-uac 6000-isg200 Firmware
  • Rg-uac 6000-isg40
  • Rg-uac 6000-isg40 Firmware
  • Rg-uac 6000-si
  • Rg-uac 6000-si Firmware
  • Rg-uac 6000-u3100
  • Rg-uac 6000-u3100 Firmware
  • Rg-uac 6000-u3210
  • Rg-uac 6000-u3210 Firmware
  • Rg-uac 6000-x100
  • Rg-uac 6000-x100 Firmware
  • Rg-uac 6000-x100s
  • Rg-uac 6000-x100s Firmware
  • Rg-uac 6000-x20
  • Rg-uac 6000-x200
  • Rg-uac 6000-x200 Firmware
  • Rg-uac 6000-x20 Firmware
  • Rg-uac 6000-x20m
  • Rg-uac 6000-x20m Firmware
  • Rg-uac 6000-x20me
  • Rg-uac 6000-x20me Firmware
  • Rg-uac 6000-x300d
  • Rg-uac 6000-x300d Firmware
  • Rg-uac 6000-x60
  • Rg-uac 6000-x60 Firmware
  • Rg-uac 6000-xs
  • Rg-uac 6000-xs Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4813.

URL Resource
https://github.com/h0e4a0r1t/I_L-HxK-pF-uZ1-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-physicalInterface%3Ainterface_commit.php.pdf cve-icon cve-icon cve-icon
https://vuldb.com/?ctiid.263934 cve-icon cve-icon cve-icon
https://vuldb.com/?id.263934 cve-icon cve-icon cve-icon
https://vuldb.com/?submit.330020 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Access Vector
Access Complexity
Authentication
Confidentiality Impact
Integrity Impact
Availability Impact