Command Injection Vulnerability in Ruijie WS6008 and WS6108 Products
CVE-2023-50993

9.8CRITICAL

Key Information:

Vendor: Ruijie
Vendor: CVE Published:; 20 December 2023

Summary

A command injection vulnerability has been identified in Ruijie's WS6008 and WS6108 networking products. This vulnerability arises from improper input validation in the 'downFiles' function, allowing attackers to execute arbitrary commands on the device. Exploitation of this vulnerability could enable unauthorized access and manipulation of the system, potentially compromising network security. It is crucial for users of affected products to take prompt action to mitigate risks associated with this vulnerability.

References

https://github.com/ef4tless/vuln/blob/master/iot/WS6008-W...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Dec 18, 2023