CVE-2024-4255

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability.

CVSS v3 4.7 MEDIUM
CVSS v2.0 5.8 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:M/C:P/I:P/A:P

Exploitability : 6.4 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/h0e4a0r1t/g-hdkyyf7L-Z8-5v/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-gre_edit_commit.php.pdf	Broken Link
https://vuldb.com/?ctiid.262145	Permissions Required VDB Entry
https://vuldb.com/?id.262145	Third Party Advisory VDB Entry
https://vuldb.com/?submit.319820	Third Party Advisory VDB Entry
https://github.com/h0e4a0r1t/g-hdkyyf7L-Z8-5v/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-gre_edit_commit.php.pdf	Broken Link
https://vuldb.com/?ctiid.262145	Permissions Required VDB Entry
https://vuldb.com/?id.262145	Third Party Advisory VDB Entry
https://vuldb.com/?submit.319820	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-cc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ea:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-ei:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-si:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x200:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-x60:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-uac_6000-xs:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-04-27 15:15

Updated : 2025-08-21 18:21

NVD link : CVE-2024-4255

Mitre link : CVE-2024-4255

CVE.ORG link : CVE-2024-4255

JSON object : View

Products Affected

ruijie

rg-uac_6000-ei_firmware
rg-uac_6000-u3210_firmware
rg-uac_6000-cc
rg-uac_6000-ea
rg-uac_6000-si
rg-uac_6000-x20m_firmware
rg-uac_6000-x20_firmware
rg-uac_6000-ei
rg-uac_6000-e50_firmware
rg-uac_6000-e50c
rg-uac_6000-u3100
rg-uac_6000-isg02_firmware
rg-uac_6000-si_firmware
rg-uac_6000-x100s_firmware
rg-uac_6000-x20m
rg-uac_6000-e20
rg-uac_6000-e10
rg-uac_6000-ea_firmware
rg-uac_6000-u3210
rg-uac_6000-isg10_firmware
rg-uac_6000-x300d
rg-uac_6000-cc_firmware
rg-uac_6000-e20_firmware
rg-uac_6000-isg02
rg-uac_6000-isg40
rg-uac_6000-e20m_firmware
rg-uac_6000-x200
rg-uac_6000-e50c_firmware
rg-uac_6000-e50
rg-uac_6000-e20m
rg-uac_6000-e50m
rg-uac_6000-isg200_firmware
rg-uac_6000-x20me
rg-uac_6000-e10c_firmware
rg-uac_6000-e20c_firmware
rg-uac_6000-x60
rg-uac_6000-e10_firmware
rg-uac_6000-isg200
rg-uac_6000-x20me_firmware
rg-uac_6000-isg10
rg-uac_6000-e50m_firmware
rg-uac_6000-e20c
rg-uac_6000-isg40_firmware
rg-uac_6000-x100_firmware
rg-uac_6000-x100s
rg-uac_6000-u3100_firmware
rg-uac_6000-e10c
rg-uac_6000-x20
rg-uac_6000-x200_firmware
rg-uac_6000-xs_firmware
rg-uac_6000-xs
rg-uac_6000-x300d_firmware
rg-uac_6000-x100
rg-uac_6000-x60_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

4.7 /10