Vulnerability Details CVE-2024-4510
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.7%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 5.8
References
- https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-arp_add_commit.php.pdf
- https://vuldb.com/?ctiid.263114
- https://vuldb.com/?id.263114
- https://vuldb.com/?submit.323820
- https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-arp_add_commit.php.pdf
- https://vuldb.com/?ctiid.263114
- https://vuldb.com/?id.263114
- https://vuldb.com/?submit.323820
Products affected by CVE-2024-4510
-
cpe:2.3:h:ruijie:rg-uac_6000-cc:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e10:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0
-
cpe:2.3:h:ruijie:rg-uac_6000-e10c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-ea:-
-
cpe:2.3:h:ruijie:rg-uac_6000-ei:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg02:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg10:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg200:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg40:-
-
cpe:2.3:h:ruijie:rg-uac_6000-si:-
-
cpe:2.3:h:ruijie:rg-uac_6000-u3100:-
-
cpe:2.3:h:ruijie:rg-uac_6000-u3210:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x100:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x100s:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x200:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20me:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x300d:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x60:-
-
cpe:2.3:h:ruijie:rg-uac_6000-xs:-
-
cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-