66 matches found
CVE-2025-56095
OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56084
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117) allows remote attackers to execute arbitrary commands via a crafted POST to /usr/local/lua/dev_sta/nbr_cwmp.lua (module_set). Root cause is unverified input reaching a command execution surface. Affected ...
CVE-2025-56083
CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...
EUVD-2025-202746
OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
PT-2025-50682
Name of the Vulnerable Software and Affected Versions Ruijie M18 EW 3.01B11P226 M18 10223116 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module set component within the file...
CVE-2025-56118
OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56083
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...
PT-2025-50661
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...
CVE-2025-56120
OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56090
OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56106
CVE-2025-56106 applies to Ruijie RG-EW1800GX (B11P226_EW1800GX_10223121). The vulnerability is an OS Command Injection that allows an attacker to execute arbitrary commands via a crafted POST request to the module_set handler in /usr/local/lua/dev_sta/nbr_cwmp.lua. Impact is high (arbitrary comma...
CVE-2025-56117
Summary: CVE-2025-56117 is an OS Command Injection in Ruijie X30-PRO (X30-PRO-V1_09241521). The flaw allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set handler in the file /usr/local/lua/dev_sta/nbr_cwmp.lua. What is affected: Ruijie X30-PRO devic...
CVE-2025-56091
CVE-2025-56091 is an OS Command Injection affecting Ruijie RG-EW1800GX (B11P226_EW1800GX_10223121). An attacker can trigger arbitrary command execution via a crafted POST to /usr/local/lua/dev_config/config_retain.lua (module_set). The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector,...
Ruijie X60 PRO 安全漏洞
Ruijie X60 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in Ruijie X60 PRO X6010212014RG-X60 PRO version V1.00V2.00, which originates from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua,...
CVE-2025-56089
CVE-2025-56089 describes an OS Command Injection in Ruijie M18 EW firmware version 3.0(1)B11P226 M18 10223116. The flaw allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set handler in /usr/local/lua/dev_sta/nbr_cwmp.lua. Public sources (NVD/Red Hat/...
PT-2025-50667
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set within t...
CVE-2025-56083
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...
CVE-2025-56085
CVE-2025-56085 affects Ruijie RG-EW1200 devices running EW 3.0(1)B11P227 EW1200 11130208RG-EW1200 V1.00. The flaw is an OS command injection in the module_set handler triggered by a crafted POST to /usr/local/lua/dev_config/config_retain.lua, stemming from unvalidated input. This can allow an att...
CVE-2025-56084
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56090
The CVE-2025-56090 issue affects Ruijie RG-EW1200G PRO devices (V1.00–V4.00). It is an OS command injection vulnerability where unvalidated input in the file /usr/local/lua/dev_config/config_retain.lua allows an attacker to execute arbitrary commands via a crafted POST to the module_set function....