CVE-2024-24116
CRITICAL NUCLEIRuijie RG-NBS2009G-P - Improper Authentication
Title source: nucleiExploitation Summary
CVE-2024-24116 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
Nuclei Templates (1)
Ruijie RG-NBS2009G-P - Improper Authentication
CRITICALVERIFIEDby friea
FOFA:
body="ruijie.com.cn"
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/zty-1995/7a5e3ad0eb3b6c44db1a6eb4092893d3
Exploit, Third Party Advisory
https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Unauthorized%20Access%20Vulnerability
Scores
CVSS v3
9.8
EPSS
0.2414
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-280
Status
published
Products (1)
ruijie/rg-nbs2009g-p_firmware
10.4\(1\)p2_release\(9736\)
Published
Oct 02, 2024
Tracked Since
Feb 18, 2026