Shodan
Vulnerabilities
Vulnerable Software
Ruijie:  Security Vulnerabilities
CVE-2025-56111
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua.
CVSS Score
8.8
EPSS Score
0.017
Published
2025-12-11
CVE-2025-56096
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-12-11
CVE-2025-56077
OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-12-11
CVE-2025-56079
OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-12-11
CVE-2025-56082
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-12-11
CVE-2025-56085
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-12-11
CVE-2025-56086
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-12-11
CVE-2025-56087
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-12-11
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-08
CVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
CVSS Score
9.4
EPSS Score
0.003
Published
2025-09-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved