Lucene search

[email protected]CVE-2023-38902

HistoryAug 17, 2023 - 1:15 p.m.

CVE-2023-38902

2023-08-1713:15:11

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-38902

command injection

rg-ew

rg-nbs

rg-s1930

rg-eg

eap

rap

nbc

remote command execution

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Affected configurations

NVD

Node

ruijierg-ew1200_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew1200Match-

Node

ruijierg-ew1200g_pro_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew1200g_proMatch-

Node

ruijierg-ew1200r_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew1200rMatch-

Node

ruijierg-ew1300g_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew1300gMatch-

Node

ruijierg-ew1800gx_pro_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew1800gx_proMatch-

Node

ruijierg-ew3000gx_pro_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew3000gx_proMatch-

Node

ruijierg-ew300_pro_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew300_proMatch-

Node

ruijierg-ew300r_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew300rMatch-

Node

ruijierg-ew3200gx_pro_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-ew3200gx_proMatch-

Node

ruijierg-nb3200-24gt4xsMatch-

AND

ruijierg-nb3200-24gt4xs_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs1850gcMatch-

AND

ruijierg-nbs1850gc_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs1850gc_v2Match-

AND

ruijierg-nbs1850gc_v2_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs2000Match-

AND

ruijierg-nbs2000_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs2009g-pMatch-

AND

ruijierg-nbs2009g-p_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs200Match-

AND

ruijierg-nbs200_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs2026g-pMatch-

AND

ruijierg-nbs2026g-p_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs2026gMatch-

AND

ruijierg-nbs2026g_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs226fMatch-

AND

ruijierg-nbs226f_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs228fMatch-

AND

ruijierg-nbs228f_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs252fMatch-

AND

ruijierg-nbs252f_firmwareMatch3.0\(1\)b11p219

Node

ruijierg-nbs3100-24gt4sfp-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-24gt4sfp-pMatch-

Node

ruijierg-nbs3100-24gt4sfp-p_v2_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-24gt4sfp-p_v2Match-

Node

ruijierg-nbs3100-24gt4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-24gt4sfpMatch-

Node

ruijierg-nbs3100-48gt4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-48gt4sfpMatch-

Node

ruijierg-nbs3100-8gt2sfp-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-8gt2sfp-pMatch-

Node

ruijierg-nbs3100-8gt2sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3100-8gt2sfpMatch-

Node

ruijierg-nbs3200-24gt4xs-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3200-24gt4xs-pMatch-

Node

ruijierg-nbs3200-24sfp\/8gt4xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3200-24sfp\/8gt4xsMatch-

Node

ruijierg-nbs3200-48gt4xs-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3200-48gt4xs-pMatch-

Node

ruijierg-nbs3200-48gt4xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs3200-48gt4xsMatch-

Node

ruijierg-nbs5100-24gt4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5100-24gt4sfpMatch-

Node

ruijierg-nbs5100-48gt4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5100-48gt4sfpMatch-

Node

ruijierg-nbs5200-24gt4x_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5200-24gt4xMatch-

Node

ruijierg-nbs5200-24sfp\/8gt4xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5200-24sfp\/8gt4xsMatch-

Node

ruijierg-nbs5200-48gt4xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5200-48gt4xsMatch-

Node

ruijierg-nbs5300-48mg6xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5300-48mg6xsMatch-

Node

ruijierg-nbs5528xg_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5528xgMatch-

Node

ruijierg-nbs5552xg_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5552xgMatch-

Node

ruijierg-nbs5552xg_v2.0_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5552xg_v2.0Match-

Node

ruijierg-nbs5628xg_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5628xgMatch-

Node

ruijierg-nbs5652xg_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5652xgMatch-

Node

ruijierg-nbs5710-24gt4sfp-e-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5710-24gt4sfp-e-pMatch-

Node

ruijierg-nbs5710-24gt4sfp-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5710-24gt4sfp-eMatch-

Node

ruijierg-nbs5710-48gt4sfp-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5710-48gt4sfp-eMatch-

Node

ruijierg-nbs5750-28gt4xs-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5750-28gt4xs-eMatch-

Node

ruijierg-nbs5750v2-24gt4xs-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5750v2-24gt4xs-eMatch-

Node

ruijierg-nbs5750v2-24sfp4xs-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5750v2-24sfp4xs-eMatch-

Node

ruijierg-nbs5750v2-48gt4xs-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5750v2-48gt4xs-eMatch-

Node

ruijierg-nbs5816xs_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs5816xsMatch-

Node

ruijierg-nbs6002_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs6002Match-

Node

ruijierg-nbs6100-20xs4vs2qxs-s_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs6100-20xs4vs2qxs-sMatch-

Node

ruijierg-nbs7003_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs7003Match-

Node

ruijierg-nbs7006_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbs7006Match-

Node

ruijierg-s1930-24gt4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-24gt4sfpMatch-

Node

ruijierg-s1930-24t4sfp-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-24t4sfp-pMatch-

Node

ruijierg-s1930-24t4sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-24t4sfpMatch-

Node

ruijierg-s1930-8gt2sfp-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-8gt2sfp-pMatch-

Node

ruijierg-s1930-8gt2sfp_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-8gt2sfpMatch-

Node

ruijierg-s1930-8t2sfp-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-s1930-8t2sfp-pMatch-

Node

ruijierg-eg210g-pe_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg210g-peMatch-

Node

ruijierg-eg210g-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg210g-eMatch-

Node

ruijierg-eg105g-pe_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg105g-peMatch-

Node

ruijierg-eg105g-e_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg105g-eMatch-

Node

ruijierg-eg105g_v2_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg105g_v2Match-

Node

ruijierg-eg210g-p_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eg210g-pMatch-

Node

ruijierg-rap1260\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap1260\(g\)Match-

Node

ruijierg-rap1200\(e\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap1200\(e\)Match-

Node

ruijierg-rap1200\(f\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap1200\(f\)Match-

Node

ruijierg-rap120v2_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap120v2Match-

Node

ruijierg-rap100_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap100Match-

Node

ruijierg-rap120_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap120Match-

Node

ruijierg-rap6260\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap6260\(g\)Match-

Node

ruijierg-rap2260\(e\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap2260\(e\)Match-

Node

ruijierg-rap2260\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap2260\(g\)Match-

Node

ruijierg-rap2200\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap2200\(g\)Match-

Node

ruijierg-rap2200\(e\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap2200\(e\)Match-

Node

ruijierg-rap2200\(f\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap2200\(f\)Match-

Node

ruijierg-eap101_v2_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap101_v2Match-

Node

ruijierg-eap102_v2_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap102_v2Match-

Node

ruijierg-eap162\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap162\(g\)Match-

Node

ruijierg-eap102\(f\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap102\(f\)Match-

Node

ruijierg-eap102_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap102Match-

Node

ruijierg-eap101_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap101Match-

Node

ruijierg-rap630ioda_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap630iodaMatch-

Node

ruijierg-rap630cd_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap630cdMatch-

Node

ruijierg-rap6261\(e\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap6261\(e\)Match-

Node

ruijierg-rap6261\(cd\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-rap6261\(cd\)Match-

Node

ruijierg-eap262\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap262\(g\)Match-

Node

ruijierg-eap212\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap212\(g\)Match-

Node

ruijierg-eap212\(f\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap212\(f\)Match-

Node

ruijierg-eap202_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap202Match-

Node

ruijierg-eap201_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap201Match-

Node

ruijierg-eap602_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap602Match-

Node

ruijierg-eap662\(g\)_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-eap662\(g\)Match-

Node

ruijierg-nbc256_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbc256Match-

Node

ruijierg-nbc512_firmwareMatch3.0\(1\)b11p219

AND

ruijierg-nbc512Match-

CPENameOperatorVersion
ruijie:rg-ew1200_firmwareruijie rg-ew1200 firmwareeq3.0\(1\)b11p219

CPE	Name	Operator	Version
ruijie:rg-ew1200_firmware	ruijie rg-ew1200 firmware	eq	3.0\(1\)b11p219

References

gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2023-38902

prion1 cvelist1 nvd1