CVE-2024-6269 | Ruijie RG-UAC 1.0 HTTP POST Request sxh_vpnlic.php get_ip.addr_details indevice command injection

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection.

This vulnerability was named CVE-2024-6269. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6269 | Ruijie RG-UAC 1.0 HTTP POST Request sxh_vpnlic.php get_ip.addr_details indevice command injection

Post correlati

CVE-2024-42262 | Linux Kernel up to 6.10.3 drm_syncobj_put memory leak (ad5fdc48f7a6/32df4abc44f2)

CVE-2024-24763 | JumpServer up to 3.9.x Link redirect (GHSA-p2mq-cm25-g4m5)

CVE-2023-4063 | HP OfficeJet Pro eSCL URL GET Request denial of service

CVE-2024-34989 | RSI PDF HTML Catalog Evolution Module up to 7.0.0 on PrestaShop queryDb sql injection