Ruijie RG-EW1800GX 安全漏洞

Ruijie RG-EW1800GX is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX version B11P226EW1800GX10223121, which stems from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua, which...

Ruijie M18 安全漏洞

Ruijie M18 is a WiFi router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie M18 EW3.01B11P226M1810223116 version, which originates from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devconfig/configretain.lua, which could le...

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56085

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56095

Ruijie RG-EW1200G PRO devices (V1.00–V4.00) are reported vulnerable to OS Command Injection via an crafted POST to module_set in /usr/local/lua/dev_sta/nbr_cwmp.lua. Root cause is unverified/unsafely handled input in nbr_cwmp.lua, enabling arbitrary command execution with network access. Affected...

CVE-2025-56077

CVE-2025-56077 describes an OS Command Injection in Ruijie RG-RAP2200(E) 247 2200. A crafted POST request to the module_set in /usr/local/lua/dev_sta/nbr_cwmp.lua can allow arbitrary commands execution. CVSSv3.1 base score 8.8 (Network, Privileges Required: Low, User Interaction: None, Scope: Unc...

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117) allows remote attackers to execute arbitrary commands via a crafted POST to /usr/local/lua/dev_sta/nbr_cwmp.lua (module_set). Root cause is unverified input reaching a command execution surface. Affected ...

CVE-2025-56110

CVE-2025-56110 describes an OS command injection affecting Ruijie RG-BCR RG-BCR860. The vulnerability arises from handling of a crafted POST request to the function at /usr/lib/lua/luci/controller/api/rcmsAPI.lua (action_deal_update), allowing an attacker to execute arbitrary commands. Reported C...

CVE-2025-56079

Ruijie RG-EW1300G/EW1300G (V1.00, V2.00, V4.00) are affected. The vulnerability is an OS Command Injection in the /usr/local/lua/dev_sta/networkConnect.lua module_get function, exploitable via a crafted POST request to run arbitrary commands (remote, network-based). Root cause is unsafe handling ...

CVE-2025-56083

CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...

PT-2025-50676

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the submit wifi function...

PT-2025-50661

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

CVE-2025-56120

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

PT-2025-50651

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1300G EW1300G versions 1.00 through 4.00 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module get function within the...

PT-2025-50663

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO versions X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the setWisp...

PT-2025-50686

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO B11P226 EW1800GX-PRO 10223117 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module get function within the...

CVE-2025-56082

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

CVE-2025-56082

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

EUVD-2025-202749

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which originates from an unvalidated input to the actionservice function in the file /usr/lib/lua/luci/controller/admin/service.lua, which could lead to an ...