CVE-2025-56124

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

PT-2025-50653

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set...

Ruijie X60 PRO 安全漏洞

Ruijie X60 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in Ruijie X60 PRO X6010212014RG-X60 PRO version V1.00V2.00, which originates from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua,...

CVE-2025-56082

The CVE-2025-56082 entry describes an OS Command Injection in Ruijie RG-BCR600W. Affected component: the LUCI admin controller at /usr/lib/lua/luci/controller/admin/common.lua. Root cause: unvalidated input in the check_changes function allows arbitrary command execution via a crafted POST reques...

PT-2025-50686

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO B11P226 EW1800GX-PRO 10223117 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module get function within the...

PT-2025-50650

Name of the Vulnerable Software and Affected Versions Ruijie RG-RAP2200E version 247 2200 Description An issue exists in Ruijie RG-RAP2200E 247 2200 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set in the /usr/local/lua/dev...

CVE-2025-56086

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

EUVD-2025-202751

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

PT-2025-50664

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO versions X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module get...

PT-2025-50667

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set within t...

CVE-2025-56117

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56095

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56123

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVE-2025-56091

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56098

Summary of CVE-2025-56098 : Affected device is Ruijie X30-PRO (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the Lua module handler at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. This is triggered by unvalid...

CVE-2025-56120

The CVE-2025-56120 issue affects the Ruijie X60 PRO family (X60_10212014RG-X60 PRO) with firmware versions V1.00 and V2.00. The root cause is an OS Command Injection via a crafted POST request to the module_set in /usr/local/lua/dev_config/config_retain.lua, enabling arbitrary command execution w...

PT-2025-50662

Name of the Vulnerable Software and Affected Versions Ruijie X30 PRO V1 X30-PRO-V1 09241521 Description An issue exists in Ruijie X30 PRO V1 X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module get function within t...

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

EUVD-2020-30836

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...