CVE-2024-28288

CRITICAL

Ruijie RG-NBR700GW <10.3(4b12) - Auth Bypass

Title source: llm

Description

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

References (2)

[Broken Link] https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md

[Broken Link] https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1

Scores

CVSS v3 9.8

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-565

Status published

Products (1)

ruijie/rg-nbr700gw_firmware 10.3\(4b12\)

Published Mar 30, 2024

Tracked Since Feb 18, 2026