CVE-2024-6269 | Ruijie RG-UAC 1.0 HTTP POST Request sxh_vpnlic.php get_ip.addr_details indevice command injection

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection.

This vulnerability was named CVE-2024-6269. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6269 | Ruijie RG-UAC 1.0 HTTP POST Request sxh_vpnlic.php get_ip.addr_details indevice command injection

Related Posts

CVE-2023-52145 | Marios Alexandrou Republish Old Posts Plugin up to 1.21 on WordPress cross-site request forgery

CVE-2024-47084 | Gradio up to 4.43 improper authorization (GHSA-3c67-5hwx-f6wx)

CVE-2023-6278 | Biteship Plugin up to 2.2.24 on WordPress biteship_error/biteship_message cross site scripting

CVE-2024-10607 | code-projects Courier Management System 1.0 /track-result.php Consignment sql injection