OS Command Injection in Ruijie RG-BCR600W Network Device
CVE-2025-56082

8.8HIGH

Key Information:

Vendor: Ruijie
Status: RG-BCR600W
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-56082?

The Ruijie RG-BCR600W network device is susceptible to an OS Command Injection vulnerability that allows an attacker to execute arbitrary commands. This security flaw can be exploited through a specially crafted POST request directed at the check_changes function in the common.lua file, located in the system's LUA controller architecture. Exploitation of this vulnerability may lead to unauthorized control over the device and potential compromise of network security.

References

https://1drv.ms/t/c/12406a392c92914b/EfCFw0RRV0hJvpV0rBLv...

https://1drv.ms/f/c/12406a392c92914b/Evvem8Mw6SlNh-ZJpY_9...

https://github.com/flegoity/Ruijie-Multiple-Devices-Vulne...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Aug 16, 2025

JSON