CVE-2023-48849

high-risk
Published 2023-12-06

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

Do I need to act?

~
2.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Rg-Eg1000C Firmware
Rg-Eg1000E Firmware
Rg-Eg105G Firmware
Rg-Eg105G V2 Firmware
Rg-Eg105G-E Firmware
Rg-Eg105G-P Firmware
Rg-Eg105G-Pe Firmware
Rg-Eg105Gw\(T\) Firmware
Rg-Eg105Gw-X Firmware
Rg-Eg2000Ce Firmware
Rg-Eg209Gs Firmware
Rg-Eg2100-P Firmware
Rg-Eg210G-E Firmware
Rg-Eg210G-P Firmware
Rg-Eg210G-Pe Firmware
Rg-Eg3000Eu Firmware
Rg-Eg3000Xe Firmware
Rg-Eg305Gh-P-E Firmware
Rg-Eg310Gh-E Firmware
Rg-Eg3230 Firmware

Affected Vendors

Ruijie

References (2)

Exploit https://github.com/delsploit/CVE-2023-48849
Exploit https://github.com/delsploit/CVE-2023-48849
58
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 20/34 · Moderate