CVE-2025-56108
HIGHRuijie X30-PRO Firmware - OS Command Injection via pwdmodify POST Request
Title source: llmDescription
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
References (3)
Core 3
Core References
Broken Link, Exploit
https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgnUIwBkg-mndJJX07Igr6d0cic-g?e=4KJbWY
Scores
CVSS v3
8.8
EPSS
0.0232
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (5)
ruijie/rg-eap602_firmware
3.0\(1\)b2p55
ruijie/rg-est310_firmware
3.0\(1\)b11p211
ruijie/rg-est350_firmware
3.0\(1\)b11p221
ruijie/rg-ew300_pro_firmware
3.0\(1\)b11p219
ruijie/x30_pro_firmware
Published
Dec 11, 2025
Tracked Since
Feb 18, 2026