CVE-2024-5336 | Ruijie RG-UAC up to 20240516 vlan_add_commit.php addVlan phyport os command injection

Inserito da Angelo Barbosa | Mag 24, 2024 | CVE

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection.

This vulnerability was named CVE-2024-5336. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-5336 | Ruijie RG-UAC up to 20240516 vlan_add_commit.php addVlan phyport os command injection

Post correlati

CVE-2024-23849 | Linux Kernel up to 6.7.1 net/rds/af_rds.c rds_recv_track_latency off-by-one

CVE-2024-35311 | Yubico YubiKey/Security Key/YubiKey Bio/YubiKey FIPS access control

CVE-2023-38618 | GTKWave 3.3.115 VZT integer overflow (TALOS-2023-1812)

CVE-2024-3031 | Fluid Notification Bar Plugin up to 3.2.3 on WordPress cross site scripting