CVE-2024-24116

high-risk
Published 2024-10-02

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

Do I need to act?

!
88.9% chance of exploitation in next 30 days
EPSS score — higher than 11% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Rg-Nbs2009G-P Firmware

Affected Vendors

Ruijie

References (2)

Third Party Advisory https://gist.github.com/zty-1995/7a5e3ad0eb3b6c44db1a6eb4092893d3
Exploit https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Unauthorized%20Access...
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal