A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:HRuijie Rg Es205gc
HWRuijiewszystkie wersjeRuijie Rg Es205gc Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es205gc P
HWRuijiewszystkie wersjeRuijie Rg Es205gc P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es206gc P
HWRuijiewszystkie wersjeRuijie Rg Es206gc P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35Ruijie Rg Es206gs P
HWRuijiewszystkie wersjeRuijie Rg Es206gs P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es206mg P
HWRuijiewszystkie wersjeRuijie Rg Es206mg P Firmware
OSRuijieesw_1.0\(1\)b1p42_release\(12142711\)Ruijie Rg Es208gc
HWRuijiewszystkie wersjeRuijie Rg Es208gc Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es209gc P
HWRuijiewszystkie wersjeRuijie Rg Es209gc P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es209mg P
HWRuijiewszystkie wersjeRuijie Rg Es209mg P Firmware
OSRuijieesw_1.0\(1\)b1p42_release\(12142711\)Ruijie Rg Es210gc Lp
HWRuijiewszystkie wersjeRuijie Rg Es210gc Lp Firmware
OSRuijieesw_1.0\(1\)b1p27Ruijie Rg Es210gs P
HWRuijiewszystkie wersjeRuijie Rg Es210gs P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es216gc
HWRuijiewszystkie wersjeRuijie Rg Es216gc Firmware
OSRuijieesw_1.0\(1\)b1p27Ruijie Rg Es216gc V2
HWRuijiewszystkie wersjeRuijie Rg Es216gc V2 Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es218gc P
HWRuijiewszystkie wersjeRuijie Rg Es218gc P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35Ruijie Rg Es220gs P
HWRuijiewszystkie wersjeRuijie Rg Es220gs P Firmware
OSRuijieesw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39Ruijie Rg Es224gc
HWRuijiewszystkie wersjeRuijie Rg Es224gc Firmware
OSRuijieesw_1.0\(1\)b1p27
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2024-42936CRITICAL9.8PL ✓ten sam vendor
RCE w usłudze mqlink.elf urządzenia Ruijie RG-EW300N via MQTT
CVE-2024-24116CRITICAL9.8PL ✓ten sam vendor
Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm
CVE-2024-24117CRITICAL9.8PL ✓ten sam vendor
Nieprawidłowe uprawnienia w Ruijie RG-NBS2009G-P umożliwiają privilege escalation
CVE-2019-16639CRITICAL9.8PL ✓ten sam vendor
Command injection w Ruijie EG-2000SE — dostęp bez uwierzytelnienia
CVE-2024-28288CRITICAL9.8PL ✓ten sam vendor
Ruijie RG-NBR700GW — reset hasła administratora bez weryfikacji cookie