3321 matches found
CVE-2025-56084
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117) allows remote attackers to execute arbitrary commands via a crafted POST to /usr/local/lua/dev_sta/nbr_cwmp.lua (module_set). Root cause is unverified input reaching a command execution surface. Affected ...
CVE-2025-56124
CVE-2025-56124 affects Ruijie X60 PRO routers (V1.00–V2.00). The vulnerability is an OS Command Injection in the module_get function invoked via a crafted POST to /usr/local/lua/dev_sta/networkConnect.lua, allowing an attacker to execute arbitrary commands with local privileges. Multiple sources ...
CVE-2025-56092
CVE-2025-56092 affects Ruijie X30 PRO V1 (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the module_get function located at /usr/local/lua/dev_sta/networkConnect.lua, triggered by a crafted POST request. The CVE details indicate an attacker can execute arbitrary commands wi...
Ruijie RG-EW1200G PRO 安全漏洞
The Ruijie RG-EW1200G PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200G PRO that stems from improper handling of a specially crafted POST request for moduleget in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to the executio...
Ruijie RG-BCR 安全漏洞
Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actiondealupdate in the file /usr/lib/lua/luci/controller/api/rcmsAPI.lua, which...
CVE-2025-56091
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56079
Ruijie RG-EW1300G/EW1300G (V1.00, V2.00, V4.00) are affected. The vulnerability is an OS Command Injection in the /usr/local/lua/dev_sta/networkConnect.lua module_get function, exploitable via a crafted POST request to run arbitrary commands (remote, network-based). Root cause is unsafe handling ...
CVE-2025-56113
CVE-2025-56113 affects Ruijie RG-YST EST and YSTAP 3.0(1)B11P280YST250F, with the vulnerable component being the pwdmodify function in /usr/lib/lua/luci/modules/common.lua. The root cause is an OS Command Injection vulnerability triggered by a crafted POST request to pwdmodify, allowing an attack...
CVE-2025-56130
The CVE-2025-56130 affects Ruijie RG-S1930 series switches (S1930SWITCH_3.0(1)B11P230). AOS vulnerability: OS Command Injection via a crafted POST to the module_update endpoint in /usr/local/lua/dev_config/ace_sw.lua. Impact is arbitrary command execution with high severity (CVSS 3.1: AV:N/AC:L/P...
PT-2025-50651
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1300G EW1300G versions 1.00 through 4.00 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module get function within the...
PT-2025-50657
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the run tcpdump function...
PT-2025-50654
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that may allow attackers to execute arbitrary commands. This can occur through a specially crafted POST request sent to the...
CVE-2025-56102
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
PT-2025-50666
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...
PT-2025-50683
Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...
CVE-2025-56083
CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...
CVE-2025-56098
Summary of CVE-2025-56098 : Affected device is Ruijie X30-PRO (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the Lua module handler at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. This is triggered by unvalid...
CVE-2025-56117
Summary: CVE-2025-56117 is an OS Command Injection in Ruijie X30-PRO (X30-PRO-V1_09241521). The flaw allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set handler in the file /usr/local/lua/dev_sta/nbr_cwmp.lua. What is affected: Ruijie X30-PRO devic...
PT-2025-50674
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX versions B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the...
PT-2025-50688
Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An issue exists in Ruijie X60 PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw present in the module get function within the...