CVE-2025-56099

OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

CVE-2025-56087

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the runtcpdump in file /usr/lib/lua/luci/controller/admin/commontcpdump.lua...

PT-2025-50672

Name of the Vulnerable Software and Affected Versions Ruijie RG-YST AP versions 3.01B11P280YST250F Description An OS Command Injection issue exists in Ruijie RG-YST AP. An attacker can execute arbitrary commands by sending a specially crafted POST request to the /usr/lib/lua/luci/modules/common.l...

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

CVE-2025-56077

CVE-2025-56077 describes an OS Command Injection in Ruijie RG-RAP2200(E) 247 2200. A crafted POST request to the module_set in /usr/local/lua/dev_sta/nbr_cwmp.lua can allow arbitrary commands execution. CVSSv3.1 base score 8.8 (Network, Privileges Required: Low, User Interaction: None, Scope: Unc...

CVE-2025-56127

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the getwanobj in file /usr/lib/lua/luci/controller/admin/common.lua...

PT-2025-50675

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

EUVD-2025-30387

Malicious code in bioql PyPI...

EUVD-2024-27591

Malicious code in bioql PyPI...

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

The vulnerability of the strongSwan microprogramming software firewall solution developed by Ruijie RG-EG306MG-P allows a intruder to disclose protected information.

The vulnerability of the strongSwan microprogramming software firewall solution from Ruijie RG-EG306MG-P lies in the lack of encryption for confidential data during the processing of the parameter “idontcareaboutsecurityanduseaggressivemodepsk”. Exploiting this vulnerability can allow a remote...

CVE-2025-8763

A vulnerability was found in Ruijie EG306MG 3.01B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument idontcareaboutsecurityanduseaggressivemodepsk leads to missing...

CVE-2025-8763

CVE-2025-8763 concerns Ruijie EG306MG 3.0(1)B11P309 where the strongSwan component processes the /etc/strongswan.conf file. The root cause is manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk, leading to missing encryption of sensitive data. The vulnerability can...

CVE-2025-25527

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.34b12 due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...

PT-2024-20280 · Ruijie · Ruijie Rg-Nbs2009G-P Rgos

Name of the Vulnerable Software and Affected Versions: Ruijie RG-NBS2009G-P RGOS version 10.41P2 Release 9736 Description: The issue allows a remote attacker to gain privileges via the login check state component. This is due to an Insecure Permissions vulnerability. A remote attacker can exploit...

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVE-2024-6184

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/rebootcommit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely...

PT-2024-33008 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC versions up to 20240506 Description: A critical vulnerability exists in Ruijie RG-UAC. The manipulation of the name/remote/local/IP argument in an unknown part of the file /view/networkConfig/GRE/gre add commit.php leads to OS...