CVE-2024-5339

🗓️ 25 May 2024 16:31:04Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 52 Views🌐 WEB

A critical vulnerability found in Ruijie RG-UAC up to 20240516 allows remote attackers to execute os commands via manipulation of the peernode argument in online_check.php

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router micro-programming software allows a perpetrator to execute any command they desire.	29 May 202400:00	–	bdu_fstec
CNNVD	Ruijie Networks RG-UAC 操作系统命令注入漏洞	25 May 202400:00	–	cnnvd
Cvelist	CVE-2024-5339 Ruijie RG-UAC online_check.php os command injection	25 May 202416:31	–	cvelist
EUVD	EUVD-2024-46564	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5339	25 May 202417:15	–	nvd
RedhatCVE	CVE-2024-5339	23 May 202508:27	–	redhatcve
Vulnrichment	CVE-2024-5339 Ruijie RG-UAC online_check.php os command injection	25 May 202416:31	–	vulnrichment

NVD

Vulners

Node

ruijie rg-uac_6000-cc_firmwareMatch-

AND

ruijie rg-uac_6000-ccMatch-

Node

ruijie rg-uac_6000-e10_firmwareMatch-

AND

ruijie rg-uac_6000-e10Match-

Node

ruijie rg-uac_6000-e10_firmwareMatch-

AND

ruijie rg-uac_6000-e10Match3.0

Node

ruijie rg-uac_6000-e10c_firmwareMatch-

AND

ruijie rg-uac_6000-e10cMatch-

Node

ruijie rg-uac_6000-e20_firmwareMatch-

AND

ruijie rg-uac_6000-e20Match-

Node

ruijie rg-uac_6000-e20c_firmwareMatch-

AND

ruijie rg-uac_6000-e20cMatch-

Node

ruijie rg-uac_6000-e20m_firmwareMatch-

AND

ruijie rg-uac_6000-e20mMatch-

Node

ruijie rg-uac_6000-e50_firmwareMatch-

AND

ruijie rg-uac_6000-e50Match-

Node

ruijie rg-uac_6000-e50c_firmwareMatch-

AND

ruijie rg-uac_6000-e50cMatch-

Node

ruijie rg-uac_6000-e50m_firmwareMatch-

AND

ruijie rg-uac_6000-e50mMatch-

Node

ruijie rg-uac_6000-ea_firmwareMatch-

AND

ruijie rg-uac_6000-eaMatch-

Node

ruijie rg-uac_6000-ei_firmwareMatch-

AND

ruijie rg-uac_6000-eiMatch-

Node

ruijie rg-uac_6000-isg02_firmwareMatch-

AND

ruijie rg-uac_6000-isg02Match-

Node

ruijie rg-uac_6000-isg10_firmwareMatch-

AND

ruijie rg-uac_6000-isg10Match-

Node

ruijie rg-uac_6000-isg200_firmwareMatch-

AND

ruijie rg-uac_6000-isg200Match-

Node

ruijie rg-uac_6000-isg40_firmwareMatch-

AND

ruijie rg-uac_6000-isg40Match-

Node

ruijie rg-uac_6000-si_firmwareMatch-

AND

ruijie rg-uac_6000-siMatch-

Node

ruijie rg-uac_6000-u3100_firmwareMatch-

AND

ruijie rg-uac_6000-u3100Match-

Node

ruijie rg-uac_6000-u3210_firmwareMatch-

AND

ruijie rg-uac_6000-u3210Match-

Node

ruijie rg-uac_6000-x100_firmwareMatch-

AND

ruijie rg-uac_6000-x100Match-

Node

ruijie rg-uac_6000-x100s_firmwareMatch-

AND

ruijie rg-uac_6000-x100sMatch-

Node

ruijie rg-uac_6000-x20_firmwareMatch-

AND

ruijie rg-uac_6000-x20Match-

Node

ruijie rg-uac_6000-x200_firmwareMatch-

AND

ruijie rg-uac_6000-x200Match-

Node

ruijie rg-uac_6000-x20m_firmwareMatch-

AND

ruijie rg-uac_6000-x20mMatch-

Node

ruijie rg-uac_6000-x20me_firmwareMatch-

AND

ruijie rg-uac_6000-x20meMatch-

Node

ruijie rg-uac_6000-x300d_firmwareMatch-

AND

ruijie rg-uac_6000-x300dMatch-

Node

ruijie rg-uac_6000-x60_firmwareMatch-

AND

ruijie rg-uac_6000-x60Match-

Node

ruijie rg-uac_6000-xs_firmwareMatch-

AND

ruijie rg-uac_6000-xsMatch-

[
  {
    "vendor": "Ruijie",
    "product": "RG-UAC",
    "versions": [
      {
        "version": "20240516",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-autovpn%3Aonline_check.php.pdf
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
peernode	query param	/view/vpn/autovpn/online_check.php	OS command injection via manipulation of the peernode argument in /view/vpn/autovpn/online_check.php (CVE-2024-5339).	CWE-78

17 Jun 2026 08:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.14.7 - 7.2

CVSS 45.1

CVSS 25.8

CVSS 34.7

EPSS0.07871

SSVC

CWE-78