Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.
The vulnerability results from improper filtering of data transmitted to the device, which allows an attacker to craft a malicious network request without requiring authentication. The lack of proper input validation enables the submission and execution of arbitrary code directly on the vulnerable device. The attack is possible remotely over the network without any prerequisites on the attacker's side.
An attacker can gain full control of the device by executing arbitrary code with its privileges, which may lead to compromises of confidentiality, integrity, and availability of the entire network infrastructure served by the router.
Update firmware to a version newer than EG_3.0(1)B11P216. Apply patches available from the manufacturer according to the references. Until updates are implemented, it is recommended to restrict access to the device management interface only to trusted IP addresses and isolate routers from the public Internet using a firewall.
Ruijie EG Series Routers (RG-EG1000C, RG-EG1000E, RG-EG105G) with firmware version EG_3.0(1)B11P216 and earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRuijie Rg Eg1000c
HWRuijiewszystkie wersjeRuijie Rg Eg1000c Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg1000e
HWRuijiewszystkie wersjeRuijie Rg Eg1000e Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105g
HWRuijiewszystkie wersjeRuijie Rg Eg105g E
HWRuijiewszystkie wersjeRuijie Rg Eg105g E Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105g Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105g P
HWRuijiewszystkie wersjeRuijie Rg Eg105g Pe
HWRuijiewszystkie wersjeRuijie Rg Eg105g Pe Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105g P Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105g V2
HWRuijiewszystkie wersjeRuijie Rg Eg105g V2 Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105gw\(t\)
HWRuijiewszystkie wersjeRuijie Rg Eg105gw\(t\) Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg105gw X
HWRuijiewszystkie wersjeRuijie Rg Eg105gw X Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg2000ce
HWRuijiewszystkie wersjeRuijie Rg Eg2000ce Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg209gs
HWRuijiewszystkie wersjeRuijie Rg Eg209gs Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg2100 P
HWRuijiewszystkie wersjeRuijie Rg Eg2100 P Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg210g E
HWRuijiewszystkie wersjeRuijie Rg Eg210g E Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg210g P
HWRuijiewszystkie wersjeRuijie Rg Eg210g Pe
HWRuijiewszystkie wersjeRuijie Rg Eg210g Pe Firmware
OSRuijie3.0\(1\)b11p216Ruijie Rg Eg210g P Firmware
OSRuijie3.0\(1\)b11p216
Related vulnerabilities
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0...
An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attacke...
Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series
RCE w usłudze mqlink.elf urządzenia Ruijie RG-EW300N via MQTT
Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm