A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
History

Thu, 04 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie rg-es
Vendors & Products Ruijie
Ruijie rg-es

Wed, 03 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
Metrics cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-03T17:48:21.937Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-56752

cve-icon Vulnrichment

Updated: 2025-09-03T17:47:36.191Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-03T18:15:35.363

Modified: 2025-09-04T15:35:29.497

Link: CVE-2025-56752

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-04T13:12:26Z