CVE-2024-4509

Severity CVSS v4.0:

Pending analysis

Type:

CWE-78 OS Command Injections

Publication date:

06/05/2024

Last modified:

21/08/2025

Description

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 4.70 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

Base Score 3.x

4.70

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:L/Au:M/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 5.80 MEDIUM
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Multiple
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

5.80

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-cc:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-cc:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:::::::*
cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:::::::*
cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:::::::*

CVE-2024-4509

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools