CVE-2025-56093
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
11/12/2025
Last modified:
27/01/2026
Description
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ruijie:x30_pro_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruijie:x30_pro:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ruijie:rg-ew300_pro_firmware:3.0\(1\)b11p219:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruijie:rg-ew300_pro:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ruijie:rg-eap602_firmware:3.0\(1\)b2p55:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ruijie:rg-eap602:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgnUIwBkg-mndJJX07Igr6d0cic-g?e=4KJbWY
- https://1drv.ms/t/c/12406a392c92914b/Edoz9sBTjeJMqw8K0f3lWgMBNxBlpE9IIUwOX2h2S1cMhw?e=46VlOq
- https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56092.md
- https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56093.md