CVE-2024-4507 | Ruijie RG-UAC up to 20240428 static_route_add_ipv6.php text_prefixlen/text_gateway/devname os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection.

The identification of this vulnerability is CVE-2024-4507. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4507 | Ruijie RG-UAC up to 20240428 static_route_add_ipv6.php text_prefixlen/text_gateway/devname os command injection

Related Posts

CVE-2023-7017 | Kontrol Lux Lock Firmware Update code download (VU#949046)

CVE-2024-29202 | JumpServer up to 3.10.6 Jinja2 Template code injection (GHSA-2vvr-vmvx-73ch)

CVE-2024-4904 | Byzoro Smart S200 Management Platform userattestation.php web_img unrestricted upload

CVE-2023-47144 | IBM Tivoli Application Dependency Discovery Manager up to 7.3.0.10 Web UI cross site scripting (XFDB-270271)