CVE-2025-58778

HIGH

Ruijie Networks RG-EST300 - Info Disclosure/Privilege Escalation

Title source: llm

Description

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.

References (3)

[Various Sources] https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/

[Various Sources] https://www.ruijie.com/en-global/support/productLifecycle

[Third Party Advisory] https://jvn.jp/en/jp/JVN72648885/

Scores

CVSS v3 7.2

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-912

Status published

Products (4)

Ruijie Networks Co., Ltd./RG-EST300 AP_3.0(1)B2P10_EST300_05232216

Ruijie Networks Co., Ltd./RG-EST300 AP_3.0(1)B2P10_EST300_06151523

Ruijie Networks Co., Ltd./RG-EST300 AP_3.0(1)B2P18_EST300_06210514

Ruijie Networks Co., Ltd./RG-EST300 and AP_3.0(1)B2P10_EST300_05220814

Published Oct 16, 2025

Tracked Since Feb 18, 2026