Ruijie BCR810W Tracert Page os command injection
CVE-2023-3608

8.8HIGH

Key Information:

Vendor
Ruijie
Status
BCR810W
Vendor
CVE Published:
10 July 2023

Summary

A significant OS command injection vulnerability exists in the Ruijie BCR810W version 2.5.10, specifically impacting the Tracert Page component. This vulnerability allows attackers to manipulate commands remotely, posing a potential risk to network integrity. The details of this exploit have been made public, increasing the urgency for users to secure their devices.

Affected Version(s)

BCR810W 2.5.10

References

https://vuldb.com/?id.233477
vdb-entrytechnical-description
https://vuldb.com/?ctiid.233477
signaturepermissions-required
https://github.com/cq535454518/cve/blob/main/RG-BCR810W.md
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

cq535454518 (VulDB User)
.
CVE-2023-3608 : Ruijie BCR810W Tracert Page os command injection | SecurityVulnerability.io