CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-4814

Medium Severity
SVRS
30/100
CVSSv3
6.3/10
EPSS
0.01446/1

CVE-2024-4814 exposes a critical OS command injection vulnerability in Ruijie RG-UAC devices. This vulnerability, affecting versions up to 20240506, resides in the /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php file. By manipulating the oldipmask or oldgateway arguments, attackers can execute arbitrary commands on the underlying operating system. Despite a CVSS score of 6.3, the SVRS score of 30 indicates a lower level of immediate threat compared to the most critical vulnerabilities, but still warrants attention and monitoring. This remotely exploitable flaw is publicly known and actively discussed, heightening the risk of exploitation. Organizations using Ruijie RG-UAC should investigate and apply available patches or mitigations to prevent unauthorized system access and maintain network security. The lack of vendor response compounds the need for users to take proactive steps.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:L
UI:N
S:U
C:L
I:L
A:L
PUBLICATION DATE2024-05-14
LAST MODIFIED2024-06-04

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Vulnerability Summary for the Week of May 13, 2024
CISA2024-05-20
2dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to disable the extension access to only the origins that you want. Firefox doesn't have an alternative to upgrading to a fixed version. 2024-05-14 7.6 CVE-2024-34714
cisa.gov
rss
forum
news

Social Media

CVE-2024-4814 A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkCo… https://t.co/y2cUpAdHZt
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://github.com/h0e4a0r1t/I_L-HxK-pF-uZ1-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-StaticRoute%3Astatic_route_edit_commit.php.pdf
[email protected]https://vuldb.com/?ctiid.263935
[email protected]https://vuldb.com/?id.263935
[email protected]https://vuldb.com/?submit.330052

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence