OS Command Injection Vulnerability in Ruijie RG-UAC Products
CVE-2024-5340
4.7 MEDIUM
What is CVE-2024-5340?
A serious OS command injection vulnerability has been identified in Ruijie RG-UAC products, affecting versions up to 20240516. It arises from insufficient validation in the '/view/vpn/autovpn/sub_commit.php' file, which allows a remote attacker to manipulate the 'key' argument and execute arbitrary commands on the host operating system. Exploitation could have a severe impact on network security. The vendor was contacted early about the disclosure but has not responded with any remediation measures. Organizations using affected versions are strongly advised to assess their exposure and implement appropriate security controls immediately.
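One way to start assessing exposure is to review web access logs for requests to the affected file whose 'key' value contains shell metacharacters. The script below is an added example, not code from this advisory or from Ruijie; it assumes combined-format access logs and that 'key' travels in the query string (a value sent in a POST body would not appear in such logs), and the names `scan`, `SHELL_META` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/view/vpn/autovpn/sub_commit.php"  # file named in the advisory
PARAM = "key"                                   # argument named in the advisory
# Assumption: none of these shell-special characters is expected in a normal value.
SHELL_META = re.compile(r"[;&|`$<>\n\r\\(){}]")
# Assumption: combined log format, request field is "METHOD URI HTTP/x.y".
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" \d{3}')


def scan(lines):
    """Return (line_no, client_ip, decoded_value) for requests worth reviewing."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST.match(line)
        if not m:
            continue
        path, _, query = m["uri"].partition("?")
        # Decode and collapse repeated slashes so trivial path variants still match.
        if re.sub(r"/+", "/", unquote(path)) != ENDPOINT:
            continue
        # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM and SHELL_META.search(value):
                hits.append((line_no, m["ip"], value))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/May/2024:10:00:01 +0000] '
    '"GET /view/vpn/autovpn/sub_commit.php?key=abc123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/May/2024:10:00:05 +0000] '
    '"GET /view/vpn/autovpn/sub_commit.php?key=abc%3BMARKER HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/May/2024:10:00:09 +0000] '
    '"GET /view//vpn/autovpn/sub_commit.php?key=abc%7Cmarker HTTP/1.1" 200 12',
    '192.0.2.10 - - [20/May/2024:10:00:12 +0000] '
    '"GET /index.php?key=a%3Bb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("review line %d from %s: key=%r" % hit)
```

A hit is a prompt for manual review of that request and host, not proof of compromise; an empty result does not rule out requests that never reached these logs.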
Affected Version(s)
RG-UAC 20240516