CVE-2025-56124

CVE-2025-56124 affects Ruijie X60 PRO routers (V1.00–V2.00). The vulnerability is an OS Command Injection in the module_get function invoked via a crafted POST to /usr/local/lua/dev_sta/networkConnect.lua, allowing an attacker to execute arbitrary commands with local privileges. Multiple sources ...

CVE-2025-56113

CVE-2025-56113 affects Ruijie RG-YST EST and YSTAP 3.0(1)B11P280YST250F, with the vulnerable component being the pwdmodify function in /usr/lib/lua/luci/modules/common.lua. The root cause is an OS Command Injection vulnerability triggered by a crafted POST request to pwdmodify, allowing an attack...

CVE-2025-56110

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...

CVE-2025-56101

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

PT-2025-50657

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the run tcpdump function...

Ruijie RG-EW1800GX PRO 安全漏洞

Ruijie RG-EW1800GX PRO is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 version, which originates from a specially crafted POST request to moduleget in file /usr/local/lua/devsta/networkConnect.lua. Improper...

CVE-2025-56098

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVE-2025-56109

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actionwireless in file /usr/lib/lua/luci/control/admin/wireless.lua...

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

PT-2025-50665

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1200G PRO versions 1.00 through 4.00 Description An issue exists in Ruijie RG-EW1200G PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw within the nbr cwmp.lua file located at...

CVE-2025-56097

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

Ruijie RG-EW1800GX 安全漏洞

Ruijie RG-EW1800GX is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1800GX that originates from unverified input to the moduleget function in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to an OS command injection attack...

Ruijie X30 PRO 安全漏洞

Ruijie X30 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie X30 PRO V1 X30-PRO-V109241521 version, which originates from an unvalidated input to the moduleget function in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to an...

Ruijie RG-EW1200G PRO 安全漏洞

Ruijie RG-EW1200G PRO is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 versions, which originates from unverified input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could...

PT-2025-50660

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1200G PRO versions 1.00 through 4.00 Description An OS Command Injection issue exists in Ruijie RG-EW1200G PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set within the...

PT-2025-50691

Name of the Vulnerable Software and Affected Versions Ruijie RG-S1930 versions S1930SWITCH 3.01B11P230 Description An OS Command Injection issue exists in Ruijie RG-S1930. Successful exploitation allows attackers to execute arbitrary commands. This is achieved by sending a crafted POST request to...

Ruijie RG-EW1800GX PRO 安全漏洞

Ruijie RG-EW1800GX PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 version, which originates from an unvalidated input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could...

CVE-2025-56124

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...