Description

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

INFO

Published Date :

2024-05-13T12:31:07.409Z

Last Modified :

2024-08-01T20:55:08.771Z

Source :

VulDB
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4816 vulnerability.

Vendors Products
Ruijie
  • Rg-uac
  • Rg-uac 6000-cc
  • Rg-uac 6000-cc Firmware
  • Rg-uac 6000-e10
  • Rg-uac 6000-e10 Firmware
  • Rg-uac 6000-e10c
  • Rg-uac 6000-e10c Firmware
  • Rg-uac 6000-e20
  • Rg-uac 6000-e20 Firmware
  • Rg-uac 6000-e20c
  • Rg-uac 6000-e20c Firmware
  • Rg-uac 6000-e20m
  • Rg-uac 6000-e20m Firmware
  • Rg-uac 6000-e50
  • Rg-uac 6000-e50 Firmware
  • Rg-uac 6000-e50c
  • Rg-uac 6000-e50c Firmware
  • Rg-uac 6000-e50m
  • Rg-uac 6000-e50m Firmware
  • Rg-uac 6000-ea
  • Rg-uac 6000-ea Firmware
  • Rg-uac 6000-ei
  • Rg-uac 6000-ei Firmware
  • Rg-uac 6000-isg02
  • Rg-uac 6000-isg02 Firmware
  • Rg-uac 6000-isg10
  • Rg-uac 6000-isg10 Firmware
  • Rg-uac 6000-isg200
  • Rg-uac 6000-isg200 Firmware
  • Rg-uac 6000-isg40
  • Rg-uac 6000-isg40 Firmware
  • Rg-uac 6000-si
  • Rg-uac 6000-si Firmware
  • Rg-uac 6000-u3100
  • Rg-uac 6000-u3100 Firmware
  • Rg-uac 6000-u3210
  • Rg-uac 6000-u3210 Firmware
  • Rg-uac 6000-x100
  • Rg-uac 6000-x100 Firmware
  • Rg-uac 6000-x100s
  • Rg-uac 6000-x100s Firmware
  • Rg-uac 6000-x20
  • Rg-uac 6000-x200
  • Rg-uac 6000-x200 Firmware
  • Rg-uac 6000-x20 Firmware
  • Rg-uac 6000-x20m
  • Rg-uac 6000-x20m Firmware
  • Rg-uac 6000-x20me
  • Rg-uac 6000-x20me Firmware
  • Rg-uac 6000-x300d
  • Rg-uac 6000-x300d Firmware
  • Rg-uac 6000-x60
  • Rg-uac 6000-x60 Firmware
  • Rg-uac 6000-xs
  • Rg-uac 6000-xs Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4816.

URL Resource
https://github.com/h0e4a0r1t/I_L-HxK-pF-uZ1-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-gre_add_commit.php.pdf cve-icon cve-icon cve-icon
https://vuldb.com/?ctiid.263937 cve-icon cve-icon cve-icon
https://vuldb.com/?id.263937 cve-icon cve-icon cve-icon
https://vuldb.com/?submit.329953 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Access Vector
Access Complexity
Authentication
Confidentiality Impact
Integrity Impact
Availability Impact