CVE-2024-6185 | Ruijie RG-UAC 1.0 commit.php get_ip_addr_details ethname os command injection

Inserito da Angelo Barbosa | Giu 20, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection.

This vulnerability is handled as CVE-2024-6185. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6185 | Ruijie RG-UAC 1.0 commit.php get_ip_addr_details ethname os command injection

Post correlati

CVE-2023-49838 | KlbTheme on WordPress cross-site request forgery

CVE-2023-41127 | Evergreen Content Poster Auto Post and Schedule Your Best Content to Social Media Plugin cross site scripting

CVE-2024-7157 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 cstecgi.cgi getSaveConfig http_host buffer overflow

CVE-2024-5661 | Citrix Hypervisor 8.2 CU1 LTSR improper control of interaction frequency (CTX677100)