Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
The password reset mechanism in the device relies on cookies as an element of user identity verification, however the application does not verify the correctness or authenticity of this cookie (CWE-565: Reliance on Cookies without Validation and Integrity Checking). An attacker can send a crafted password reset request with any or empty cookie, thereby bypassing the authentication mechanism. As a result, it is possible to set a new administrator password without knowledge of previous authentication credentials.
An attacker gains access to the router's administrative panel with administrator privileges, allowing full control over device configuration, network traffic interception, and disruption of enterprise network infrastructure continuity.
Apply patches available from the manufacturer according to references. Until the fix is implemented, it is recommended to restrict access to the router's administrative interface only to trusted IP addresses and isolate the management panel from the public network using a firewall.
Ruijie RG-NBR700GW with firmware version 10.3(4b12)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRuijie Rg Nbr700gw
HWRuijiewszystkie wersjeRuijie Rg Nbr700gw Firmware
OSRuijie10.3\(4b12\)
Related vulnerabilities
Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series
RCE w usłudze mqlink.elf urządzenia Ruijie RG-EW300N via MQTT
Nieprawidłowe uprawnienia w Ruijie RG-NBS2009G-P umożliwiają privilege escalation
Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm
Command injection w Ruijie EG-2000SE — dostęp bez uwierzytelnienia