CVE-2023-4169

MEDIUM EXPLOITED NUCLEI

Ruijie RG-EW1200G Firmware - Improper Access Control

Title source: rule

Description

A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC 27 stars
by thedarknessdied · poc
https://github.com/thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415

Nuclei Templates (1)

Ruijie RG-EW1200G Router - Password Reset
HIGH · by DhiyaneshDK
Shodan: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
FOFA: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"

Scores

CVSS v3 6.3
EPSS 0.9193
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2023-12-01
CWE
CWE-284
Status published
Products (1)
ruijie/rg-ew1200g_firmware 1.0(1)b1p5
Published Aug 05, 2023
Tracked Since Feb 18, 2026