CVE-2024-4509 | Ruijie RG-UAC up to 20240428 add_commit.php ip_addr/mac_addr os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection.

This vulnerability is known as CVE-2024-4509. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4509 | Ruijie RG-UAC up to 20240428 add_commit.php ip_addr/mac_addr os command injection

Related Posts

CVE-2021-47131 | Linux Kernel up to 5.10.42/5.12/5.12.9 TLS tls_device_down use after free (f1d4184f128d/0f1e6fe66977/c55dcdd435aa)

CVE-2024-29843 | CS Technologies Australia Evolution Controller up to 2.04.560.31.03.2024 Web Interface information disclosure

CVE-2024-34573 | Pootlepress Pootle Pagebuilder Plugin up to 5.7.1 on WordPress cross site scripting

CVE-2024-35179 | stalwartlabs mail-server up to 0.7.x Web Interface privilege dropping / lowering errors (GHSA-5pfx-j27j-4c6h)