CVE-2024-4510 | Ruijie RG-UAC up to 20240428 arp_add_commit.php text_ip_addr/text_mac_addr os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection.

This vulnerability is handled as CVE-2024-4510. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4510 | Ruijie RG-UAC up to 20240428 arp_add_commit.php text_ip_addr/text_mac_addr os command injection

Related Posts

CVE-2024-3974 | BuddyPress Plugin up to 12.4.0 on WordPress cross site scripting

CVE-2024-3470 | GitHub Enterprise Server up to 3.11.17/3.12.1 privileges management

CVE-2024-20770 | Adobe Photoshop Desktop up to 24.7.2/25.3.1 out-of-bounds (apsb24-16)

CVE-2024-39701 | Directus up to 10.5.x _in/_nin access control (GHSA-hxgm-ghmv-xjjm)