PT-2025-50688

Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An issue exists in Ruijie X60 PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw present in the module get function within the...

CVE-2025-56099

CVE-2025-56099 affects Ruijie RG-YST AP with firmware 3.0(1)B11P280YST250F. The issue is an OS Command Injection in the pwdmodify handler located at /usr/lib/lua/luci/modules/common.lua, triggered by a crafted POST request. The vulnerability allows an attacker to execute arbitrary commands with l...

CVE-2025-56097

Summary: CVE-2025-56097 is an OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117). An attacker can inject and execute arbitrary commands by issuing a crafted POST request to the module_set function in the file /usr/local/lua/dev_config/config_retain.lua. A...

CVE-2025-56085

CVE-2025-56085 affects Ruijie RG-EW1200 devices running EW 3.0(1)B11P227 EW1200 11130208RG-EW1200 V1.00. The flaw is an OS command injection in the module_set handler triggered by a crafted POST to /usr/local/lua/dev_config/config_retain.lua, stemming from unvalidated input. This can allow an att...

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56110

CVE-2025-56110 describes an OS command injection affecting Ruijie RG-BCR RG-BCR860. The vulnerability arises from handling of a crafted POST request to the function at /usr/lib/lua/luci/controller/api/rcmsAPI.lua (action_deal_update), allowing an attacker to execute arbitrary commands. Reported C...

CVE-2025-56090

The CVE-2025-56090 issue affects Ruijie RG-EW1200G PRO devices (V1.00–V4.00). It is an OS command injection vulnerability where unvalidated input in the file /usr/local/lua/dev_config/config_retain.lua allows an attacker to execute arbitrary commands via a crafted POST to the module_set function....

EUVD-2025-202742

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

PT-2025-50663

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO versions X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the setWisp...

PT-2025-50675

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

CVE-2025-56089

CVE-2025-56089 describes an OS Command Injection in Ruijie M18 EW firmware version 3.0(1)B11P226 M18 10223116. The flaw allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set handler in /usr/local/lua/dev_sta/nbr_cwmp.lua. Public sources (NVD/Red Hat/...

PT-2025-50691

Name of the Vulnerable Software and Affected Versions Ruijie RG-S1930 versions S1930SWITCH 3.01B11P230 Description An OS Command Injection issue exists in Ruijie RG-S1930. Successful exploitation allows attackers to execute arbitrary commands. This is achieved by sending a crafted POST request to...

RHEL 8 : redis:6 (RHSA-2025:19238)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19238 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, set...

AlmaLinux 10 : valkey (ALSA-2025:21936)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21936 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

TencentOS Server 3: redis:6 (TSSA-2025:0931)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0931 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RockyLinux 9 : redis (RLSA-2025:20926)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20926 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

RockyLinux 9 : redis:7 (RLSA-2025:19345)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19345 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

RockyLinux 8 : redis:6 (RLSA-2025:19238)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19238 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

RockyLinux 9 : redis:7 (RLSA-2025:20955)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20955 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

AlmaLinux 9 : valkey (ALSA-2025:21916)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21916 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...