Ruijie RG-EW1200G Administrator Password set_passwd access control
CVE-2023-4169

8.8HIGH

Key Information:

Vendor
Ruijie
Status
RG-EW1200G
Vendor
CVE Published:
5 August 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 90%

Summary

A vulnerability affecting the Ruijie RG-EW1200G involves improper access controls within the Administrator Password Handler component at the file location /api/sys/set_passwd. This flaw allows remote attackers to manipulate access, potentially enabling unauthorized actions. The issue has been publicly disclosed, raising concerns for users of this network device. Initial contact with the vendor regarding this vulnerability went unanswered, emphasizing the urgent need for users to assess their security configurations.

Affected Version(s)

RG-EW1200G 1.0(1)B1P5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-4169_CVE-2023-3306_CVE-2023-4415
Created by thedarknessdied

References

https://vuldb.com/?id.236185
vdb-entrytechnical-description
https://vuldb.com/?ctiid.236185
signaturepermissions-required
https://github.com/blakespire/repoforcve/tree/main/RG-EW1...
broken-linkexploit

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

t1nk3rl94e (VulDB User)
.
CVE-2023-4169 : Ruijie RG-EW1200G Administrator Password set_passwd access control | SecurityVulnerability.io