CVE-2023-34644

high-risk

Published 2023-07-31

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.

Do I need to act?

8.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Rg-Ew1200R Firmware

Rg-Ew300 Firmware

Rg-Ew3200Gx Firmware

Rg-Ew1200G Firmware

Rg-Ew1800Gx Firmware

Rg-Ew300R Firmware

Rg-Ew1200 Firmware

Rg-Eg3000Xe Firmware

Rg-Eg105G Firmware

Rg-Eg305Gh-P-E Firmware

Rg-Eg105G-P Firmware

Rg-Eg3230 Firmware

Rg-Eg1000E Firmware

Rg-Eg105G-E Firmware

Rg-Eg105Gw\(T\) Firmware

Rg-Eg105Gw-X Firmware

Rg-Eg2000Ce Firmware

Rg-Eg2100-P Firmware

Rg-Eg209Gs Firmware

Rg-Eg310Gh-E Firmware

Affected Vendors

Ruijie

References (4)

Patch https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/

https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins...

Patch https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/

https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 10/34 · Low

Exposure 27/34 · High