Remote Code Execution Vulnerability in Ruijie EG Series Routers
CVE-2023-48849

9.8CRITICAL

Key Information:

Vendor: Ruijie
Vendor: CVE Published:; 6 December 2023

Badges

👾 Exploit Exists

Summary

The Ruijie EG Series Routers, specifically versions up to EG_3.0(1)B11P216, are susceptible to a vulnerability that enables unauthenticated attackers to execute arbitrary code remotely. This flaw arises from inadequate input validation, posing significant risks to network security. Organizations utilizing these routers must take immediate action to apply the necessary updates to safeguard against potential exploits.

References

https://github.com/delsploit/CVE-2023-48849

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2023
🟡
Public PoC available
Dec 1, 2023
👾
Exploit known to exist
Dec 1, 2023
Vulnerability Reserved
Nov 20, 2023