Описание
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
Ссылки
- Broken Link
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 11.1.0 (включая) до 11.1\(9\)B1P21 (включая)
Одновременно
cpe:2.3:o:ruijie:rg-ap720-l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ruijie:rg-ap720-l:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
7.2 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 5.4
github
2 месяца назад
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
EPSS
Процентиль: 24%
0.00081
Низкий
7.2 High
CVSS3
Дефекты
CWE-77