Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
The vulnerability is caused by improper permission configuration (CWE-732) in the component responsible for login state verification. An attacker can remotely exploit this component without requiring authentication or user interaction to bypass access control mechanisms. This results in gaining unauthorized privileges in the RGOS operating system of the device.
An attacker can gain elevated privileges on the network device, which in practice means full control over the switch, including the ability to modify network configuration, intercept network traffic, and perform further lateral movement in the infrastructure.
Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict access to the device management interface only to trusted IP addresses and to place the device behind a dedicated management firewall.
Ruijie RG-NBS2009G-P with RGOS software version 10.4(1)P2 Release (9736)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRuijie Rg Nbs2009g P
HWRuijiewszystkie wersjeRuijie Rg Nbs2009g P Firmware
OSRuijie10.4\(1\)p2_release\(9736\)
Related vulnerabilities
Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected b...
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG...
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected...
Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series