CVE-2023-34644
CRITICAL
Ruijie RG-EW, RG-NBS, RG-S1930, RG-EG, EAP, RAP, NBC - Remote Code Execution via /cgi-bin/luci/api/auth
Title source: llm
Description
A remote code execution vulnerability in Ruijie Networks products (RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, and NBC series wireless controllers AC_3.0(1)B11P86) allows unauthorized remote attackers to gain the highest privileges via a crafted POST request to /cgi-bin/luci/api/auth.
References (2)
Core References
Various Sources
https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001
Patch, Vendor Advisory
https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/
Scores
CVSS v3
9.8
EPSS
0.0152
EPSS Percentile
71.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (50)
ruijie/re-eg1000m_firmware
3.0\(1\)b11p216
ruijie/rg-eg1000c_firmware
3.0\(1\)b11p216
ruijie/rg-eg1000e_firmware
3.0\(1\)b11p216
ruijie/rg-eg105g-e_firmware
3.0\(1\)b11p216
ruijie/rg-eg105g-p_firmware
3.0\(1\)b11p216
ruijie/rg-eg105g_firmware
3.0\(1\)b11p216
ruijie/rg-eg105gw-x_firmware
3.0\(1\)b11p216
ruijie/rg-eg105gw\(t\)_firmware
3.0\(1\)b11p216
ruijie/rg-eg2000ce_firmware
3.0\(1\)b11p216
ruijie/rg-eg209gs_firmware
3.0\(1\)b11p216
... and 40 more
Published
Jul 31, 2023
Tracked Since
Feb 18, 2026