CVE-2024-4502 | Ruijie RG-UAC up to 20240428 dhcp_client_commit.php ifName os command injection

Inserito da Angelo Barbosa | Mag 5, 2024 | CVE

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection.

This vulnerability is traded as CVE-2024-4502. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4502 | Ruijie RG-UAC up to 20240428 dhcp_client_commit.php ifName os command injection

Post correlati

CVE-2024-7918 | Pocket Widget Plugin up to 0.1.3 on WordPress Setting cross site scripting

CVE-2024-5452 | lightning-ai pytorch-lightning dynamically-determined object attributes

CVE-2024-5580 | Allegra loadFieldMatch deserialization (ZDI-24-1163)

CVE-2024-4604 | Magarsus Consultancy SSO 1.0 redirect