CVE-2025-56106

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

11/12/2025

Last modified:

11/12/2025

Description

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Impact

References to Advisories, Solutions, and Tools

https://1drv.ms/f/c/12406a392c92914b/EgUg1zJuaItDmLxZhkCg4B8BcJTRYnXyX4ePIIjNoZrRew?e=a23cK6
https://1drv.ms/t/c/12406a392c92914b/EcUP8SMciOVBgNEy31-OnnkBQRk_fUCDWUtdDX8UBfbXEA?e=FuQDPi
https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56106.md