Ruijie RG-EW1200G login improper authentication
CVE-2023-4415

8.8HIGH

Key Information:

Vendor

Ruijie

Status
RG-EW1200G
Vendor
CVE Published:
18 August 2023

What is CVE-2023-4415?

A vulnerability exists in the Ruijie RG-EW1200G router's API endpoint, specifically in the /api/sys/login function, leading to improper authentication. This flaw allows unauthorized users to potentially gain access to the system, posing a significant risk to the network's security. The vulnerability can be exploited remotely, raising concerns for users who may not be aware of the issue. As of now, Ruijie Networks has not provided a response regarding this disclosure, which makes it crucial for users to assess their systems for potential threats.

Affected Version(s)

RG-EW1200G 07161417 r483

References

https://vuldb.com/?id.237518
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237518
signaturepermissions-required
https://github.com/blakespire/repoforcve/tree/main/RG-EW1...
broken-linkexploit

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

t1nk3rl94e (VulDB User)
JSON
.