54836 matches found
CVE-2025-56117
Summary: CVE-2025-56117 is an OS Command Injection in Ruijie X30-PRO (X30-PRO-V1_09241521). The flaw allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set handler in the file /usr/local/lua/dev_sta/nbr_cwmp.lua. What is affected: Ruijie X30-PRO devic...
CVE-2025-56120
The CVE-2025-56120 issue affects the Ruijie X60 PRO family (X60_10212014RG-X60 PRO) with firmware versions V1.00 and V2.00. The root cause is an OS Command Injection via a crafted POST request to the module_set in /usr/local/lua/dev_config/config_retain.lua, enabling arbitrary command execution w...
CVE-2025-56092
CVE-2025-56092 affects Ruijie X30 PRO V1 (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the module_get function located at /usr/local/lua/dev_sta/networkConnect.lua, triggered by a crafted POST request. The CVE details indicate an attacker can execute arbitrary commands wi...
CVE-2025-56097
Summary: CVE-2025-56097 is an OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117). An attacker can inject and execute arbitrary commands by issuing a crafted POST request to the module_set function in the file /usr/local/lua/dev_config/config_retain.lua. A...
CVE-2025-56090
The CVE-2025-56090 issue affects Ruijie RG-EW1200G PRO devices (V1.00–V4.00). It is an OS command injection vulnerability where unvalidated input in the file /usr/local/lua/dev_config/config_retain.lua allows an attacker to execute arbitrary commands via a crafted POST to the module_set function....
CVE-2025-56085
CVE-2025-56085 affects Ruijie RG-EW1200 devices running EW 3.0(1)B11P227 EW1200 11130208RG-EW1200 V1.00. The flaw is an OS command injection in the module_set handler triggered by a crafted POST to /usr/local/lua/dev_config/config_retain.lua, stemming from unvalidated input. This can allow an att...
CVE-2025-56091
CVE-2025-56091 is an OS Command Injection affecting Ruijie RG-EW1800GX (B11P226_EW1800GX_10223121). An attacker can trigger arbitrary command execution via a crafted POST to /usr/local/lua/dev_config/config_retain.lua (module_set). The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector,...
CVE-2025-56106
CVE-2025-56106 applies to Ruijie RG-EW1800GX (B11P226_EW1800GX_10223121). The vulnerability is an OS Command Injection that allows an attacker to execute arbitrary commands via a crafted POST request to the module_set handler in /usr/local/lua/dev_sta/nbr_cwmp.lua. Impact is high (arbitrary comma...
MaxKB 竞争条件问题漏洞
MaxKB is a 1Panel-dev open source open source knowledge base question and answer system based on a large language model and RAG. A competitive condition issue vulnerability exists in MaxKB 2.3.1 and earlier versions, which stems from a tool module that allows an attacker to escape the sandbox...
EUVD-2025-202740
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56093
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua...
PT-2025-50667
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set within t...
CVE-2025-56091
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
PT-2025-50654
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that may allow attackers to execute arbitrary commands. This can occur through a specially crafted POST request sent to the...
CVE-2025-56090
OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
PT-2025-50685
Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An OS Command Injection issue exists in Ruijie X60 PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set function within the...
PT-2025-50650
Name of the Vulnerable Software and Affected Versions Ruijie RG-RAP2200E version 247 2200 Description An issue exists in Ruijie RG-RAP2200E 247 2200 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set in the /usr/local/lua/dev...
Ruijie X60 PRO 安全漏洞
Ruijie X60 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in Ruijie X60 PRO X6010212014RG-X60 PRO version V1.00V2.00, which originates from improper handling of a specially crafted POST request for moduleset in the file...
EUVD-2025-202746
OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
PT-2025-50682
Name of the Vulnerable Software and Affected Versions Ruijie M18 EW 3.01B11P226 M18 10223116 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module set component within the file...