Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control
CVE-2023-3306

7.3 HIGH

Key Information:

Vendor: Ruijie
CVE Published: 18 June 2023

Summary

A significant access control vulnerability exists in the Ruijie RG-EW1200G, affecting version EW_3.0(1)B11P204. The flaw is in the Admin Password Handler component, in an unidentified part of the file app.09df2a9e44ab48766f5f.js. It allows remote attackers to manipulate access controls, potentially leading to unauthorized access. The exploit has been publicly disclosed, which raises concerns for users, especially since the vendor has not responded to notifications regarding the issue.

Affected Version(s)

RG-EW1200G EW_3.0(1)B11P204

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RCEraser (VulDB User)