Lucene search

CVE-2024-5340

🗓️ 25 May 2024 22:49:15Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

A critical os command injection vulnerability found in Ruijie RG-UAC up to 2024051

Reporter	Title	Published	Views	Family All 3
NVD	CVE-2024-5340	25 May 202422:15	–	nvd
Cvelist	CVE-2024-5340 Ruijie RG-UAC sub_commit.php os command injection	25 May 202421:31	–	cvelist
Vulnrichment	CVE-2024-5340 Ruijie RG-UAC sub_commit.php os command injection	25 May 202421:31	–	vulnrichment

Vulners

Vulnrichment

Node

ruijie rg\-uacMatch20240516

[
  {
    "vendor": "Ruijie",
    "product": "RG-UAC",
    "versions": [
      {
        "version": "20240516",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-autovpn%3Asub_commit.php.pdf

Parameter	Position	Path	Description	CWE
key	query param	/view/vpn/autovpn/sub_commit.php	A vulnerability in Ruijie RG-UAC allows OS command injection via the 'key' parameter.	CWE-78

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 May 2024 22:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS25.8

CVSS34.7

CVSS45.1

EPSS0.00046

SSVC

CWE-78