CVE-2025-56083

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...

gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...

Ruijie RG-EW1800GX 安全漏洞

Ruijie RG-EW1800GX is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX version B11P226EW1800GX10223121, which stems from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua, which...

Ruijie X30 PRO 安全漏洞

Ruijie X30 PRO is a home wireless router from China's Ruijie Ruijie. A security vulnerability exists in the Ruijie X30 PRO that stems from improper handling of a specially crafted POST request for pwdmodify in the file /usr/lib/lua/luci/modules/common.lua, which could result in the execution of...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actionwireless in the file /usr/lib/lua/luci/control/admin/wireless.lua, which...

Ruijie RG-YST 安全漏洞

Ruijie RG-YST is a series of wireless bridges from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-YST YSTAP3.01B11P280YST250F V1.xxV2.xx version, which originates from mishandling of a specially crafted POST request for pwdmodify in the file...

Ruijie RG-EW1800GX PRO 安全漏洞

Ruijie RG-EW1800GX PRO is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 version, which originates from a specially crafted POST request to moduleget in file /usr/local/lua/devsta/networkConnect.lua. Improper...

Ruijie X60 PRO 安全漏洞

Ruijie X60 PRO is a home wireless router from China's Ruijie. A security vulnerability exists in the Ruijie X60 PRO that stems from improper handling of a specially crafted POST request for moduleget in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to the execution of...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actiondiagnosis in the file /usr/lib/lua/luci/controller/admin/diagnosis.lua, whi...

Ruijie RG-S1930 安全漏洞

The Ruijie RG-S1930 is a series of Layer 2 network management switches from Ruijie China. A security vulnerability exists in the Ruijie RG-S1930 S1930SWITCH3.01B11P230 version, which originates from improper handling of a specially crafted POST request for moduleupdate in the file...

CVE-2025-56114

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56093

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua...

Ruijie RG-EW1200G PRO 安全漏洞

The Ruijie RG-EW1200G PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200G PRO that stems from improper handling of a specially crafted POST request for moduleget in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to the executio...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actiondealupdate in the file /usr/lib/lua/luci/controller/api/rcmsAPI.lua, which...

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

Ruijie X60 PRO 安全漏洞

Ruijie X60 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in Ruijie X60 PRO X6010212014RG-X60 PRO version V1.00V2.00, which originates from improper handling of a specially crafted POST request for moduleset in the file...

Ruijie X30 PRO 安全漏洞

Ruijie X30 PRO is a home wireless router from Ruijie China. A security vulnerability exists in the Ruijie X30 PRO X30-PRO-V109241521 version, which stems from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua, which could lead to the...

PT-2025-50666

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

PT-2025-50695

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...