Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36870 | 2 Ruijie, Ruijienetworks | 44 Eg3210, Eg3220, Eg3230 and 41 more | 2025-11-20 | N/A |
| Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC. | ||||
| CVE-2024-2909 | 1 Ruijie | 2 Rg-eg350, Rg-eg350 Firmware | 2025-11-03 | 8.8 High |
| A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2910 | 1 Ruijie | 2 Rg-eg350, Rg-eg350 Firmware | 2025-11-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30308 | 1 Ruijie | 14 Rg-eg105g, Rg-eg105g Firmware, Rg-eg105g V2 and 11 more | 2025-08-13 | 6.5 Medium |
| An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2025-8763 | 2 Ruijie, Strongswan | 3 Eg306mg, Rg-eg, Strongswan | 2025-08-12 | 3.7 Low |
| A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2024-11-21 | 9.8 Critical |
| Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | ||||
| CVE-2023-38902 | 1 Ruijie | 197 Nbc Series Wireless Controllers, Rg-eap101, Rg-eap101 Firmware and 194 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field. | ||||
| CVE-2023-34644 | 2 Ruijie, Ruijienetworks | 136 Re-eg1000m, Re-eg1000m Firmware, Rg-eg1000c and 133 more | 2024-11-21 | 9.8 Critical |
| Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | ||||
Page 1 of 1.