CVE-2024-4504 | Ruijie RG-UAC up to 20240428 commit.php peer_ip/local_ip os command injection

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation of the argument peer_ip/local_ip leads to os command injection.

This vulnerability is handled as CVE-2024-4504. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4504 | Ruijie RG-UAC up to 20240428 commit.php peer_ip/local_ip os command injection

Related Posts

CVE-2024-28090 | Technicolor TC8715D 01.EF.04.38.00-180405-S-FF9-D dyn_dns.asp User name cross site scripting

CVE-2024-37392 | SMSEagle up to 5.x SMS Message cross site scripting

CVE-2023-23474 | IBM Cognos Controller 10.4.1/10.4.2/11.0.0 information exposure (XFDB-245403)

CVE-2024-26795 | Linux Kernel up to 5.10.211/5.15.150/6.1.80/6.6.20/6.7.8 vmemmap pfn_to_page out-of-bounds