Lucene search

[email protected]CVE-2023-27796

HistoryMar 26, 2023 - 9:15 p.m.

CVE-2023-27796

2023-03-2621:15:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-27796

wireless routers

command injection

security vulnerability

diagnose.lua

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua.

Affected configurations

NVD

Node

ruijienetworksrg-ew1800gx_pro_firmwareMatchew_3.0\(1\)b11p204

AND

ruijienetworksrg-ew1800gx_proMatch-

Node

ruijienetworksrg-ew3200gx_pro_firmwareMatchew_3.0\(1\)b11p204

AND

ruijienetworksrg-ew3200gx_proMatch-

Node

ruijienetworksrg-ew1200g_pro_firmwareMatchew_3.0\(1\)b11p204

AND

ruijienetworksrg-ew1200g_proMatch-

CPENameOperatorVersion
ruijienetworks:rg-ew1800gx_pro_firmwareruijienetworks rg-ew1800gx pro firmwareeqew_3.0\(1\)b11p204

CPE	Name	Operator	Version
ruijienetworks:rg-ew1800gx_pro_firmware	ruijienetworks rg-ew1800gx pro firmware	eq	ew_3.0\(1\)b11p204

References

github.com/winmt/my-vuls/tree/main/RG-EW%20PRO%20Series

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVE-2023-27796

prion1 cvelist1 nvd1