CVE-2024-4509 - Vulnerability Details

- Ruijie RG-UAC add_commit.php os command injection

Description

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2024-05-06

Score: 4.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ruijie

RG-UAC

affected

Version	Status	Constraints
`20240428`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-cc:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ea:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ei:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-si:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x200:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x60:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-xs:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Ruijie	Rg-uac	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-44123	A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00323.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-add_commit.php.pdf
https://vuldb.com/?ctiid.263113
https://vuldb.com/?id.263113
https://vuldb.com/?submit.323819

History

Thu, 21 Aug 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ruijie rg-uac 6000-cc Ruijie rg-uac 6000-cc Firmware Ruijie rg-uac 6000-e10 Ruijie rg-uac 6000-e10 Firmware Ruijie rg-uac 6000-e10c Ruijie rg-uac 6000-e10c Firmware Ruijie rg-uac 6000-e20 Ruijie rg-uac 6000-e20 Firmware Ruijie rg-uac 6000-e20c Ruijie rg-uac 6000-e20c Firmware Ruijie rg-uac 6000-e20m Ruijie rg-uac 6000-e20m Firmware Ruijie rg-uac 6000-e50 Ruijie rg-uac 6000-e50 Firmware Ruijie rg-uac 6000-e50c Ruijie rg-uac 6000-e50c Firmware Ruijie rg-uac 6000-e50m Ruijie rg-uac 6000-e50m Firmware Ruijie rg-uac 6000-ea Ruijie rg-uac 6000-ea Firmware Ruijie rg-uac 6000-ei Ruijie rg-uac 6000-ei Firmware Ruijie rg-uac 6000-isg02 Ruijie rg-uac 6000-isg02 Firmware Ruijie rg-uac 6000-isg10 Ruijie rg-uac 6000-isg10 Firmware Ruijie rg-uac 6000-isg200 Ruijie rg-uac 6000-isg200 Firmware Ruijie rg-uac 6000-isg40 Ruijie rg-uac 6000-isg40 Firmware Ruijie rg-uac 6000-si Ruijie rg-uac 6000-si Firmware Ruijie rg-uac 6000-u3100 Ruijie rg-uac 6000-u3100 Firmware Ruijie rg-uac 6000-u3210 Ruijie rg-uac 6000-u3210 Firmware Ruijie rg-uac 6000-x100 Ruijie rg-uac 6000-x100 Firmware Ruijie rg-uac 6000-x100s Ruijie rg-uac 6000-x100s Firmware Ruijie rg-uac 6000-x20 Ruijie rg-uac 6000-x200 Ruijie rg-uac 6000-x200 Firmware Ruijie rg-uac 6000-x20 Firmware Ruijie rg-uac 6000-x20m Ruijie rg-uac 6000-x20m Firmware Ruijie rg-uac 6000-x20me Ruijie rg-uac 6000-x20me Firmware Ruijie rg-uac 6000-x300d Ruijie rg-uac 6000-x300d Firmware Ruijie rg-uac 6000-x60 Ruijie rg-uac 6000-x60 Firmware Ruijie rg-uac 6000-xs Ruijie rg-uac 6000-xs Firmware
CPEs	cpe:2.3:h:ruijie:rg-uac:-:::::::* cpe:2.3:o:ruijie:rg-uac_firmware::::::::	cpe:2.3:h:ruijie:rg-uac_6000-cc:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-ea:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-ei:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-si:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x100:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x200:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x60:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-xs:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:::::::*
Vendors & Products	Ruijie rg-uac Firmware	Ruijie rg-uac 6000-cc Ruijie rg-uac 6000-cc Firmware Ruijie rg-uac 6000-e10 Ruijie rg-uac 6000-e10 Firmware Ruijie rg-uac 6000-e10c Ruijie rg-uac 6000-e10c Firmware Ruijie rg-uac 6000-e20 Ruijie rg-uac 6000-e20 Firmware Ruijie rg-uac 6000-e20c Ruijie rg-uac 6000-e20c Firmware Ruijie rg-uac 6000-e20m Ruijie rg-uac 6000-e20m Firmware Ruijie rg-uac 6000-e50 Ruijie rg-uac 6000-e50 Firmware Ruijie rg-uac 6000-e50c Ruijie rg-uac 6000-e50c Firmware Ruijie rg-uac 6000-e50m Ruijie rg-uac 6000-e50m Firmware Ruijie rg-uac 6000-ea Ruijie rg-uac 6000-ea Firmware Ruijie rg-uac 6000-ei Ruijie rg-uac 6000-ei Firmware Ruijie rg-uac 6000-isg02 Ruijie rg-uac 6000-isg02 Firmware Ruijie rg-uac 6000-isg10 Ruijie rg-uac 6000-isg10 Firmware Ruijie rg-uac 6000-isg200 Ruijie rg-uac 6000-isg200 Firmware Ruijie rg-uac 6000-isg40 Ruijie rg-uac 6000-isg40 Firmware Ruijie rg-uac 6000-si Ruijie rg-uac 6000-si Firmware Ruijie rg-uac 6000-u3100 Ruijie rg-uac 6000-u3100 Firmware Ruijie rg-uac 6000-u3210 Ruijie rg-uac 6000-u3210 Firmware Ruijie rg-uac 6000-x100 Ruijie rg-uac 6000-x100 Firmware Ruijie rg-uac 6000-x100s Ruijie rg-uac 6000-x100s Firmware Ruijie rg-uac 6000-x20 Ruijie rg-uac 6000-x200 Ruijie rg-uac 6000-x200 Firmware Ruijie rg-uac 6000-x20 Firmware Ruijie rg-uac 6000-x20m Ruijie rg-uac 6000-x20m Firmware Ruijie rg-uac 6000-x20me Ruijie rg-uac 6000-x20me Firmware Ruijie rg-uac 6000-x300d Ruijie rg-uac 6000-x300d Firmware Ruijie rg-uac 6000-x60 Ruijie rg-uac 6000-x60 Firmware Ruijie rg-uac 6000-xs Ruijie rg-uac 6000-xs Firmware

Thu, 21 Aug 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ruijie rg-uac Firmware
CPEs		cpe:2.3:h:ruijie:rg-uac:-:::::::* cpe:2.3:o:ruijie:rg-uac_firmware::::::::
Vendors & Products		Ruijie rg-uac Firmware

Subscriptions

Ruijie Rg-uac Rg-uac 6000-cc Rg-uac 6000-cc Firmware Rg-uac 6000-e10 Rg-uac 6000-e10 Firmware Rg-uac 6000-e10c Rg-uac 6000-e10c Firmware Rg-uac 6000-e20 Rg-uac 6000-e20 Firmware Rg-uac 6000-e20c Rg-uac 6000-e20c Firmware Rg-uac 6000-e20m Rg-uac 6000-e20m Firmware Rg-uac 6000-e50 Rg-uac 6000-e50 Firmware Rg-uac 6000-e50c Rg-uac 6000-e50c Firmware Rg-uac 6000-e50m Rg-uac 6000-e50m Firmware Rg-uac 6000-ea Rg-uac 6000-ea Firmware Rg-uac 6000-ei Rg-uac 6000-ei Firmware Rg-uac 6000-isg02 Rg-uac 6000-isg02 Firmware Rg-uac 6000-isg10 Rg-uac 6000-isg10 Firmware Rg-uac 6000-isg200 Rg-uac 6000-isg200 Firmware Rg-uac 6000-isg40 Rg-uac 6000-isg40 Firmware Rg-uac 6000-si Rg-uac 6000-si Firmware Rg-uac 6000-u3100 Rg-uac 6000-u3100 Firmware Rg-uac 6000-u3210 Rg-uac 6000-u3210 Firmware Rg-uac 6000-x100 Rg-uac 6000-x100 Firmware Rg-uac 6000-x100s Rg-uac 6000-x100s Firmware Rg-uac 6000-x20 Rg-uac 6000-x200 Rg-uac 6000-x200 Firmware Rg-uac 6000-x20 Firmware Rg-uac 6000-x20m Rg-uac 6000-x20m Firmware Rg-uac 6000-x20me Rg-uac 6000-x20me Firmware Rg-uac 6000-x300d Rg-uac 6000-x300d Firmware Rg-uac 6000-x60 Rg-uac 6000-x60 Firmware Rg-uac 6000-xs Rg-uac 6000-xs Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-05-06T00:31:03.849Z

Updated: 2024-08-01T20:40:47.396Z

Reserved: 2024-05-05T07:00:26.714Z

Link: CVE-2024-4509

Vulnrichment

Updated: 2024-08-01T20:40:47.396Z

NVD

Status : Analyzed

Published: 2024-05-06T01:15:48.353

Modified: 2025-08-21T18:21:10.650

Link: CVE-2024-4509

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:31:53Z

Weaknesses

CWE-78

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object