Vulnerability Details CVE-2024-5340
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 5.8
References
- https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-autovpn%3Asub_commit.php.pdf
- https://vuldb.com/?ctiid.266246
- https://vuldb.com/?id.266246
- https://vuldb.com/?submit.336038
- https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-autovpn%3Asub_commit.php.pdf
- https://vuldb.com/?ctiid.266246
- https://vuldb.com/?id.266246
- https://vuldb.com/?submit.336038
Products affected by CVE-2024-5340
-
cpe:2.3:h:ruijie:rg-uac_6000-cc:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e10:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0
-
cpe:2.3:h:ruijie:rg-uac_6000-e10c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e20m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50c:-
-
cpe:2.3:h:ruijie:rg-uac_6000-e50m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-ea:-
-
cpe:2.3:h:ruijie:rg-uac_6000-ei:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg02:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg10:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg200:-
-
cpe:2.3:h:ruijie:rg-uac_6000-isg40:-
-
cpe:2.3:h:ruijie:rg-uac_6000-si:-
-
cpe:2.3:h:ruijie:rg-uac_6000-u3100:-
-
cpe:2.3:h:ruijie:rg-uac_6000-u3210:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x100:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x100s:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x200:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20m:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x20me:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x300d:-
-
cpe:2.3:h:ruijie:rg-uac_6000-x60:-
-
cpe:2.3:h:ruijie:rg-uac_6000-xs:-
-
cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-
-
cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-