Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38902

UNKNOWN
Published 2023-08-17T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38902. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

ruijie

rg-ew_series_routers_and_repeaters

Affected Versions:

v.ew_3.0(1)B11P219
ruijie

rg-ew

Affected Versions:

0
ruijie

rg-s1930

Affected Versions:

v.switch_3.0(1)b11p219
ruijie

rg-eg

Affected Versions:

v.eg_3.0(1)b11p219
ruijie

nbc_series_wireless_controllers

Affected Versions:

v.ac_3.0(1)b11p219

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-qf45-5h68-rp79

Advisory Details

An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38902
WEB https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37
WEB http://rg-ew.com
WEB http://ruijie.com

Advisory provided by GitHub Security Advisory Database. Published: August 17, 2023, Modified: April 4, 2024

References

https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37
Published: 2023-08-17T00:00:00
Last Modified: 2024-10-08T14:50:58.719Z
Copied to clipboard!