CVE-2024-4255

moderate-risk

Published 2024-04-27

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Rg-Uac 6000-Cc Firmware

Rg-Uac 6000-E10 Firmware

Rg-Uac 6000-E10C Firmware

Rg-Uac 6000-E20 Firmware

Rg-Uac 6000-E20C Firmware

Rg-Uac 6000-E20M Firmware

Rg-Uac 6000-E50 Firmware

Rg-Uac 6000-E50C Firmware

Rg-Uac 6000-E50M Firmware

Rg-Uac 6000-Ea Firmware

Rg-Uac 6000-Ei Firmware

Rg-Uac 6000-Isg02 Firmware

Rg-Uac 6000-Isg10 Firmware

Rg-Uac 6000-Isg200 Firmware

Rg-Uac 6000-Isg40 Firmware

Rg-Uac 6000-Si Firmware

Rg-Uac 6000-U3100 Firmware

Rg-Uac 6000-U3210 Firmware

Rg-Uac 6000-X100 Firmware

Rg-Uac 6000-X100S Firmware

Affected Vendors

Ruijie

References (8)

Broken Link https://github.com/h0e4a0r1t/g-hdkyyf7L-Z8-5v/blob/main/Ruijie%20RG-UAC%20Unifie...

Permissions Required https://vuldb.com/?ctiid.262145

Third Party Advisory https://vuldb.com/?id.262145

Third Party Advisory https://vuldb.com/?submit.319820

Broken Link https://github.com/h0e4a0r1t/g-hdkyyf7L-Z8-5v/blob/main/Ruijie%20RG-UAC%20Unifie...

Permissions Required https://vuldb.com/?ctiid.262145

Third Party Advisory https://vuldb.com/?id.262145

Third Party Advisory https://vuldb.com/?submit.319820

/ 100

moderate-risk

Severity 19/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 22/34 · High