CVE-2024-5336

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266242 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 4.7 MEDIUM
CVSS v2.0 5.8 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:M/C:P/I:P/A:P

Exploitability : 6.4 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf	Broken Link
https://vuldb.com/?ctiid.266242	Permissions Required VDB Entry
https://vuldb.com/?id.266242	Third Party Advisory VDB Entry
https://vuldb.com/?submit.336031	Third Party Advisory VDB Entry
https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf	Broken Link
https://vuldb.com/?ctiid.266242	Permissions Required VDB Entry
https://vuldb.com/?id.266242	Third Party Advisory VDB Entry
https://vuldb.com/?submit.336031	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-cc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ea:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ei:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-si:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x200:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x60:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-xs:-:*:*:*:*:*:*:*

History

21 Aug 2025, 18:07

Type	Values Removed	Values Added
References	() https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf -	() https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf - Broken Link
References	~~() https://vuldb.com/?ctiid.266242 -~~	() https://vuldb.com/?ctiid.266242 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.266242 -~~	() https://vuldb.com/?id.266242 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.336031 -~~	() https://vuldb.com/?submit.336031 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-xs:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-si:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x200:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-cc:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x100:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-x60:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-ei:-:::::::* cpe:2.3:h:ruijie:rg-uac_6000-ea:-:::::::* cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:::::::*
First Time		Ruijie rg-uac 6000-u3210 Ruijie rg-uac 6000-x300d Ruijie Ruijie rg-uac 6000-si Ruijie rg-uac 6000-e20 Firmware Ruijie rg-uac 6000-e50c Ruijie rg-uac 6000-e50 Ruijie rg-uac 6000-u3100 Ruijie rg-uac 6000-x300d Firmware Ruijie rg-uac 6000-ei Firmware Ruijie rg-uac 6000-x100 Firmware Ruijie rg-uac 6000-x60 Ruijie rg-uac 6000-e50m Firmware Ruijie rg-uac 6000-e20c Ruijie rg-uac 6000-e50c Firmware Ruijie rg-uac 6000-x20me Firmware Ruijie rg-uac 6000-x20m Firmware Ruijie rg-uac 6000-x100s Ruijie rg-uac 6000-isg200 Ruijie rg-uac 6000-x20 Firmware Ruijie rg-uac 6000-x20m Ruijie rg-uac 6000-isg40 Ruijie rg-uac 6000-x100s Firmware Ruijie rg-uac 6000-xs Ruijie rg-uac 6000-e20c Firmware Ruijie rg-uac 6000-e10c Firmware Ruijie rg-uac 6000-x200 Firmware Ruijie rg-uac 6000-si Firmware Ruijie rg-uac 6000-ei Ruijie rg-uac 6000-x60 Firmware Ruijie rg-uac 6000-isg200 Firmware Ruijie rg-uac 6000-cc Firmware Ruijie rg-uac 6000-e20m Ruijie rg-uac 6000-cc Ruijie rg-uac 6000-isg02 Ruijie rg-uac 6000-e50 Firmware Ruijie rg-uac 6000-x100 Ruijie rg-uac 6000-x20me Ruijie rg-uac 6000-x20 Ruijie rg-uac 6000-e20 Ruijie rg-uac 6000-xs Firmware Ruijie rg-uac 6000-u3210 Firmware Ruijie rg-uac 6000-isg10 Firmware Ruijie rg-uac 6000-e50m Ruijie rg-uac 6000-e20m Firmware Ruijie rg-uac 6000-isg40 Firmware Ruijie rg-uac 6000-isg10 Ruijie rg-uac 6000-e10 Ruijie rg-uac 6000-u3100 Firmware Ruijie rg-uac 6000-ea Firmware Ruijie rg-uac 6000-e10c Ruijie rg-uac 6000-x200 Ruijie rg-uac 6000-ea Ruijie rg-uac 6000-isg02 Firmware Ruijie rg-uac 6000-e10 Firmware

21 Nov 2024, 09:47

Type	Values Removed	Values Added
References	() https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf -	() https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf -
References	~~() https://vuldb.com/?ctiid.266242 -~~	() https://vuldb.com/?ctiid.266242 -
References	~~() https://vuldb.com/?id.266242 -~~	() https://vuldb.com/?id.266242 -
References	~~() https://vuldb.com/?submit.336031 -~~	() https://vuldb.com/?submit.336031 -

28 May 2024, 12:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en Ruijie RG-UAC hasta 20240516 y clasificada como crítica. Esta vulnerabilidad afecta a la función addVlan del archivo /view/networkConfig/vlan/vlan_add_commit.php. La manipulación del argumento phyport conduce a la inyección de comandos del sistema operativo. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-266242 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

25 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-25 15:15

Updated : 2025-08-21 18:07

NVD link : CVE-2024-5336

Mitre link : CVE-2024-5336

CVE.ORG link : CVE-2024-5336

JSON object : View

Products Affected

ruijie

rg-uac_6000-e20m_firmware
rg-uac_6000-e50_firmware
rg-uac_6000-x20me_firmware
rg-uac_6000-x60_firmware
rg-uac_6000-x100s_firmware
rg-uac_6000-e50c_firmware
rg-uac_6000-ei
rg-uac_6000-isg10_firmware
rg-uac_6000-ea_firmware
rg-uac_6000-x20me
rg-uac_6000-e20c_firmware
rg-uac_6000-e20c
rg-uac_6000-e50
rg-uac_6000-x100s
rg-uac_6000-u3210_firmware
rg-uac_6000-x20_firmware
rg-uac_6000-x300d
rg-uac_6000-x60
rg-uac_6000-isg02_firmware
rg-uac_6000-e50m
rg-uac_6000-e50m_firmware
rg-uac_6000-x20
rg-uac_6000-cc
rg-uac_6000-e10c
rg-uac_6000-ea
rg-uac_6000-isg200_firmware
rg-uac_6000-e20_firmware
rg-uac_6000-x100_firmware
rg-uac_6000-x100
rg-uac_6000-si_firmware
rg-uac_6000-e20m
rg-uac_6000-x300d_firmware
rg-uac_6000-x200_firmware
rg-uac_6000-u3210
rg-uac_6000-e50c
rg-uac_6000-e10c_firmware
rg-uac_6000-isg02
rg-uac_6000-isg40_firmware
rg-uac_6000-e20
rg-uac_6000-si
rg-uac_6000-isg40
rg-uac_6000-cc_firmware
rg-uac_6000-isg10
rg-uac_6000-ei_firmware
rg-uac_6000-e10
rg-uac_6000-x20m
rg-uac_6000-e10_firmware
rg-uac_6000-u3100
rg-uac_6000-isg200
rg-uac_6000-x200
rg-uac_6000-xs_firmware
rg-uac_6000-u3100_firmware
rg-uac_6000-x20m_firmware
rg-uac_6000-xs

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

4.7 /10