CVE-2024-4814 | Ruijie RG-UAC up to 20240506 static_route_edit_commit.php oldipmask/oldgateway os command injection

A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection.

This vulnerability is known as CVE-2024-4814. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4814 | Ruijie RG-UAC up to 20240506 static_route_edit_commit.php oldipmask/oldgateway os command injection

Related Posts

CVE-2020-8007 | Circontrol Raption up to 5.11.2 pwrstudio Web Application command injection

CVE-2023-7141 | code-projects Client Details System 1.0 update-clients.php uid sql injection

CVE-2024-33512 | Aruba ArubaOS 8.10.0.11/8.11.2.2/10.4.1.1/10.5.1.1 Local User Authentication Database Service buffer overflow (ARUBA-PSA-2024-004)

CVE-2024-8102 | Ultimate Toolkit Plugin up to 3.0.8 on WordPress Options Update improper authorization