PT-2025-50666

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

Ruijie RG-EW1200G PRO 安全漏洞

The Ruijie RG-EW1200G PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200G PRO that stems from improper handling of a specially crafted POST request for moduleget in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to the executio...

CVE-2025-56110

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...

CVE-2025-56108

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

CVE-2025-56086

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

Ruijie RG-S1930 安全漏洞

The Ruijie RG-S1930 is a series of Layer 2 network management switches from Ruijie China. A security vulnerability exists in the Ruijie RG-S1930 S1930SWITCH3.01B11P230 version, which originates from improper handling of a specially crafted POST request for moduleupdate in the file...

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

Ruijie M18 安全漏洞

Ruijie M18 is a WiFi router from China Ruijie Ruijie. A security vulnerability exists in Ruijie M18 EW3.01B11P226M1810223116, which originates from an unvalidated input to the moduleget function in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to an OS command injection atta...

CVE-2025-56122

CVE-2025-56122 affects Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117). The vulnerability is an OS Command Injection in the Lua module at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. CVSSv3.1 base score 8.8 (HIGH) with networ...

CVE-2025-56129

Summary: CVE-2025-56129 is an OS command injection in Ruijie RG-BCR RG-BCR860. The issue occurs when processing a crafted POST to /usr/lib/lua/luci/controller/admin/diagnosis.lua (diagnosis action), enabling arbitrary command execution. The Red Hat, EUVD ENISA, NVD, CNNVD, and CVE sources corrobo...

CVE-2025-56099

CVE-2025-56099 affects Ruijie RG-YST AP with firmware 3.0(1)B11P280YST250F. The issue is an OS Command Injection in the pwdmodify handler located at /usr/lib/lua/luci/modules/common.lua, triggered by a crafted POST request. The vulnerability allows an attacker to execute arbitrary commands with l...

CVE-2025-56118

CVE-2025-56118 is an OS Command Injection vulnerability in Ruijie X60 PRO (X60_10212014RG-X60 PRO) versions V1.00–V2.00. The issue allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set function in /usr/local/lua/dev_sta/nbr_cwmp.lua. CVSS v3.1 metric...

CVE-2025-56098

Summary of CVE-2025-56098 : Affected device is Ruijie X30-PRO (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the Lua module handler at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. This is triggered by unvalid...

CVE-2025-56092

CVE-2025-56092 affects Ruijie X30 PRO V1 (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the module_get function located at /usr/local/lua/dev_sta/networkConnect.lua, triggered by a crafted POST request. The CVE details indicate an attacker can execute arbitrary commands wi...

CVE-2025-56097

Summary: CVE-2025-56097 is an OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117). An attacker can inject and execute arbitrary commands by issuing a crafted POST request to the module_set function in the file /usr/local/lua/dev_config/config_retain.lua. A...

CVE-2025-56090

The CVE-2025-56090 issue affects Ruijie RG-EW1200G PRO devices (V1.00–V4.00). It is an OS command injection vulnerability where unvalidated input in the file /usr/local/lua/dev_config/config_retain.lua allows an attacker to execute arbitrary commands via a crafted POST to the module_set function....

RHEL 8 : redis:6 (RHSA-2025:19238)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19238 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, set...

AlmaLinux 10 : valkey (ALSA-2025:21936)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21936 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

TencentOS Server 3: redis:6 (TSSA-2025:0931)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0931 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...