CVE-2023-4169

MEDIUM EXPLOITED NUCLEI

Ruijie RG-EW1200G 1.0(1)B1P5 - Improper Access Control in Administrator Password Handler

Title source: llm

Exploitation Summary

CVE-2023-4169 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including thedarknessdied. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for multiple vulnerabilities in Ruijie RG-EW1200G devices, including authentication bypass (CVE-2023-4415), remote code execution (CVE-2023-3306), and unauthorized password reset (CVE-2023-4169). The tool is written in Python and includes features like multi-threading, proxy support, and random user agents.

Description

A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC 27 stars

by thedarknessdied · poc

https://github.com/thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415

View Code ZIP pw:eip

This repository contains a functional exploit for multiple vulnerabilities in Ruijie RG-EW1200G devices, including authentication bypass (CVE-2023-4415), remote code execution (CVE-2023-3306), and unauthorized password reset (CVE-2023-4169). The tool is written in Python and includes features like multi-threading, proxy support, and random user agents.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Rce | Other

Complexity

Moderate

Reliability

Reliable

Target: Ruijie RG-EW1200G

No auth needed

Prerequisites: Network access to the target device · Python environment with requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Ruijie RG-EW1200G Router - Password Reset

HIGHby DhiyaneshDK

Shodan: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"

FOFA: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.236185

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.236185

Exploit, Third Party Advisory broken-link exploit

https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G

Scores

CVSS v3 6.3

EPSS 0.4711

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2023-12-01

CWE

CWE-284

Status published

Products (1)

ruijie/rg-ew1200g_firmware 1.0\(1\)b1p5

Published Aug 05, 2023

Tracked Since Feb 18, 2026