Filtered by vendor Ruijie
Subscribe
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-56130 | 1 Ruijie | 4 Rg-nbs5100-24gt4sfp, Rg-nbs5100-24gt4sfp Firmware, Rg-s1930 and 1 more | 2025-12-31 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua. | |||||
| CVE-2025-56086 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 and 1 more | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | |||||
| CVE-2025-56085 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew300 Pro and 1 more | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | |||||
| CVE-2025-56087 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua. | |||||
| CVE-2025-56107 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua. | |||||
| CVE-2025-56096 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua. | |||||
| CVE-2025-56082 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua. | |||||
| CVE-2025-56077 | 2 Ruijie, Ruijienetworks | 5 Rg-eap162\(g\), Rg-rap1260, Rg-rap2200\(e\) and 2 more | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | |||||
| CVE-2025-56079 | 1 Ruijie | 4 Be50, Be50 Firmware, Rg-ew1300g and 1 more | 2025-12-26 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | |||||
| CVE-2025-56120 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 1 more | 2025-12-23 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | |||||
| CVE-2025-56118 | 1 Ruijie | 4 Rg-ew3200gx, Rg-ew3200gx Firmware, Rg-x60 Pro and 1 more | 2025-12-23 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | |||||
| CVE-2025-56122 | 1 Ruijie | 6 Rg-ew1800gx, Rg-ew1800gx Firmware, Rg-ew1800gx Pro and 3 more | 2025-12-23 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | |||||
| CVE-2025-56124 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 1 more | 2025-12-18 | N/A | 7.8 HIGH |
| OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | |||||
| CVE-2025-56127 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-18 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua. | |||||
| CVE-2025-56129 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2025-12-15 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua. | |||||
| CVE-2024-42936 | 1 Ruijie | 2 Reyee Os, Rg-ew300n | 2025-12-15 | N/A | 9.8 CRITICAL |
| The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. | |||||
| CVE-2025-65363 | 1 Ruijie | 2 Rg-ap720-l, Rg-ap720-l Firmware | 2025-12-12 | N/A | 7.2 HIGH |
| Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint. | |||||
| CVE-2024-2909 | 1 Ruijie | 2 Rg-eg350, Rg-eg350 Firmware | 2025-11-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2910 | 1 Ruijie | 2 Rg-eg350, Rg-eg350 Firmware | 2025-11-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-56752 | 1 Ruijie | 40 Rg-es205gc, Rg-es205gc-p, Rg-es205gc-p Firmware and 37 more | 2025-09-29 | N/A | 9.4 CRITICAL |
| A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi. | |||||