CVE-2023-3450

MEDIUM

Ruijie Rg-bcr860 Firmware - OS Command Injection

Title source: rule

Description

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (2)

nomisec SCANNER 1 stars

by caopengyan · poc

https://github.com/caopengyan/CVE-2023-3450

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by yuanjinyuyuyu · poc

https://github.com/yuanjinyuyuyu/CVE-2023-3450

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.232547

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.232547

Exploit, Third Party Advisory exploit

https://github.com/RCEraser/cve/blob/main/RG-BCR860.md

View Exploit ZIP pw:eip

Scores

CVSS v3 4.7

EPSS 0.6145

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (1)

ruijie/rg-bcr860_firmware 2.5.13

Published Jun 28, 2023

Tracked Since Feb 18, 2026