Command Injection Vulnerability in Ruijie RG-UAC Network Management System
CVE-2024-4510

4.7MEDIUM

Key Information:

Vendor
Ruijie
Status
Rg-uac
Vendor
CVE Published:
6 May 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A severe security vulnerability has been identified in the Ruijie RG-UAC device, affecting versions up to 20240428. This vulnerability arises from improper handling of input in the arp_add_commit.php file, leading to potential OS command injection. Attackers can remotely manipulate specific parameters, including text_ip_addr and text_mac_addr, to execute arbitrary commands on the vulnerable system. Given the nature of this vulnerability and its public disclosure, systems utilizing Ruijie RG-UAC devices must be promptly assessed and secured against potential exploitation.

Affected Version(s)

RG-UAC 20240428

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-4510 - Proof of Concept

References

https://vuldb.com/?id.263114
vdb-entrytechnical-description
https://vuldb.com/?ctiid.263114
signaturepermissions-required
https://vuldb.com/?submit.323820
third-party-advisory

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability Reserved

Credit

H0e4a0r1t (VulDB User)
.