CVE-2024-24117
CRITICALRuijie RG-NBS2009G-P Firmware 10.4(1)P2 - Privilege Escalation via Login Check State
Title source: llmDescription
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/zty-1995/dbb3d5b2dbf65b4de5b71e57d08139ea
Exploit, Third Party Advisory
https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Any%20user%20login%20exists
Scores
CVSS v3
9.8
EPSS
0.0064
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (1)
ruijie/rg-nbs2009g-p_firmware
10.4\(1\)p2_release\(9736\)
Published
Oct 02, 2024
Tracked Since
Feb 18, 2026