Ruijie: Security Vulnerabilities
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
CVSS Score
9.4
EPSS Score
0.003
Published
2025-09-03
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.0
EPSS Score
0.007
Published
2025-08-25
Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-11
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
CVSS Score
9.8
EPSS Score
0.034
Published
2025-01-21
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-10-15
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-10-02
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
CVSS Score
9.8
EPSS Score
0.889
Published
2024-10-02
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-08-26
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-07-16
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-16