CVE-2023-4415

HIGH NUCLEI

Ruijienetworks Rg-ew1200g Firmware - Authentication Bypass

Title source: rule

Description

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Nuclei Templates (1)

Ruijie RG-EW1200G Router Background - Login Bypass

HIGHby DhiyaneshDK

Shodan: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"

FOFA: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"

References (3)

[Exploit, Third Party Advisory] https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G-logic

[Permissions Required] https://vuldb.com/?ctiid.237518

[Permissions Required] https://vuldb.com/?id.237518

Scores

CVSS v3 7.3

EPSS 0.8997

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-287

Status published

Products (1)

ruijienetworks/rg-ew1200g_firmware 07161417_r483

Published Aug 18, 2023

Tracked Since Feb 18, 2026