CVE-2024-6187 | Ruijie RG-UAC 1.0 sub_commit.php key os command injection

Posted by Angelo Barbosa | Jun 20, 2024 | CVE

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection.

This vulnerability was named CVE-2024-6187. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6187 | Ruijie RG-UAC 1.0 sub_commit.php key os command injection

Related Posts

CVE-2024-25520 | RuvarOA 6.01/12.01 sys_blogtemplate_new.aspx id sql injection

CVE-2023-51662 | Snowflake .NET Driver up to 2.1.4 certificate validation (GHSA-hwcc-4cv8-cf3h)

CVE-2024-31586 | Computer Laboratory Management System 1.0 Borrower Name/Department/Remarks cross site scripting

CVE-2024-0854 | Synology DiskStation Manager prior 7.2.1-69057-2 File Access redirect (SA_24_02)