CVE-2024-4506 | Ruijie RG-UAC up to 20240428 ip_addr_edit_commit.php text_ip_addr/orgprelen/orgname os command injection

Inserito da Angelo Barbosa | Mag 5, 2024 | CVE

A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument text_ip_addr/orgprelen/orgname leads to os command injection.

This vulnerability was named CVE-2024-4506. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4506 | Ruijie RG-UAC up to 20240428 ip_addr_edit_commit.php text_ip_addr/orgprelen/orgname os command injection

Post correlati

CVE-2024-4561 | Progress WhatsUp Gold up to 2023.1.1 HTTP Request server-side request forgery

CVE-2024-25915 | Raaj Trambadia Pexels Plugin up to 1.2.2 on WordPress server-side request forgery

CVE-2024-0936 | van_der_Schaar LAB TemporAI 0.0.3 PKL File load_from_file deserialization

CVE-2024-3012 | Tenda FH1205 2.0.0.7(775) GetParentControlInfo mac stack-based overflow