OS Command Injection Vulnerability in Ruijie RG-BCR Network Devices
CVE-2025-56111

8.8HIGH

Key Information:

Vendor: Ruijie
Status: RG-BCR860
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-56111?

The Ruijie RG-BCR860 suffers from an OS Command Injection vulnerability that enables malicious actors to execute arbitrary commands through a specially crafted POST request. This security flaw is specifically found in the network_set_wan_conf function located in the netport.lua file. Exploitation of this vulnerability could lead to unauthorized control and risk to sensitive information, making it imperative for users to apply immediate fixes and updates.

References

https://1drv.ms/f/c/12406a392c92914b/EqEQemupso9DldgG-EcU...

https://1drv.ms/t/c/12406a392c92914b/ERJa0DnnR29MqtbLLRQi...

https://github.com/flegoity/Ruijie-Multiple-Devices-Vulne...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Aug 16, 2025

CVE-2025-56111 Data

JSON