CRITICAL🇵🇱 Wersja polska

CVE-2023-48849

CVSS 9.8v3.1pub. 2023-12-06upd. 2024-11-21

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

🤖 AI Analysis
How it works

The vulnerability results from improper filtering of data transmitted to the device, which allows an attacker to craft a malicious network request without requiring authentication. The lack of proper input validation enables the submission and execution of arbitrary code directly on the vulnerable device. The attack is possible remotely over the network without any prerequisites on the attacker's side.

Impact

An attacker can gain full control of the device by executing arbitrary code with its privileges, which may lead to compromises of confidentiality, integrity, and availability of the entire network infrastructure served by the router.

Mitigation & patch

Update firmware to a version newer than EG_3.0(1)B11P216. Apply patches available from the manufacturer according to the references. Until updates are implemented, it is recommended to restrict access to the device management interface only to trusted IP addresses and isolate routers from the public Internet using a firewall.

Who is affected

Ruijie EG Series Routers (RG-EG1000C, RG-EG1000E, RG-EG105G) with firmware version EG_3.0(1)B11P216 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ruijie Rg Eg1000c

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg1000c Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg1000e

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg1000e Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105g

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105g E

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105g E Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105g Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105g P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105g Pe

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105g Pe Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105g P Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105g V2

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105g V2 Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105gw\(t\)

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105gw\(t\) Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg105gw X

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg105gw X Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg2000ce

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg2000ce Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg209gs

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg209gs Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg2100 P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg2100 P Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg210g E

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg210g E Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg210g P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg210g Pe

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Eg210g Pe Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
  • Ruijie Rg Eg210g P Firmware

    OS
    Ruijie
    3.0\(1\)b11p216
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2023-34644CRITICAL9.8ten sam produkt

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0...

CVE-2023-30308MEDIUM6.5ten sam produkt

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attacke...

CVE-2025-56752CRITICAL9.4PL ✓ten sam vendor

Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series

CVE-2024-42936CRITICAL9.8PL ✓ten sam vendor

RCE w usłudze mqlink.elf urządzenia Ruijie RG-EW300N via MQTT

CVE-2024-24116CRITICAL9.8PL ✓ten sam vendor

Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm