CVE-2025-56117

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

Ruijie RG-EW1800GX PRO 安全漏洞

Ruijie RG-EW1800GX PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 version, which originates from an unvalidated input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could...

Ruijie RG-EW1200G PRO 安全漏洞

Ruijie RG-EW1200G PRO is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 versions, which originates from unverified input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could...

CVE-2025-56097

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56114

Ruijie M18 EW 3.0(1)B11P226 M18 10223116 is affected by an OS Command Injection via a crafted POST to /usr/local/lua/dev_config/config_retain.lua:module_set, allowing arbitrary command execution. Public details show CVSS v3.1 base score 8.8 (CR: HIGH, IR: HIGH, AR: HIGH; AV:N/AC:L/PR:L/UI:N/S:U)....

CVE-2025-56095

Ruijie RG-EW1200G PRO devices (V1.00–V4.00) are reported vulnerable to OS Command Injection via an crafted POST to module_set in /usr/local/lua/dev_sta/nbr_cwmp.lua. Root cause is unverified/unsafely handled input in nbr_cwmp.lua, enabling arbitrary command execution with network access. Affected...

CVE-2025-56085

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56118

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

Ruijie RG-EW1200 安全漏洞

Ruijie RG-EW1200 is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200 that originates from unverified input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could lead to an OS command injection attack...

CVE-2025-56106

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

Ruijie M18 安全漏洞

Ruijie M18 is a WiFi router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie M18 EW3.01B11P226M1810223116 version, which originates from an unvalidated input to the moduleset function in the file /usr/local/lua/devsta/nbrcwmp.lua, which could lead to an OS command injection...

CVE-2025-56114

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

Ruijie RG-EW1800GX 安全漏洞

Ruijie RG-EW1800GX is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX B11P226EW1800GX10223121 version, which originates from an unvalidated input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could lead...

CVE-2025-56095

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56118

CVE-2025-56118 is an OS Command Injection vulnerability in Ruijie X60 PRO (X60_10212014RG-X60 PRO) versions V1.00–V2.00. The issue allows an attacker to execute arbitrary commands by sending a crafted POST request to the module_set function in /usr/local/lua/dev_sta/nbr_cwmp.lua. CVSS v3.1 metric...