charliecatsec / cve1


RG-UAC-rce-sxh_vpnlic..md #1

Open L1OudFd8cl09 opened 3 months ago

L1OudFd8cl09 commented 3 months ago

Ruijie Network is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. Ruijie RG-UAC has a command execution vulnerability. Attackers exploit vulnerabilities to cause harm to servers.

official: https://www.ruijie.com.cn

version: 1.0

Vulnerability Path : /view/vpn/autovpn/sxh_vpnlic.php

In /View/vpn/autovpn/sxh_vpnlic.php, the $_POST["indevice"] parameter is controllable and will be substituted into the get_ip.addr_details function.

[image]

Tracing the function, the controllable parameter is concatenated into the info parameter and ultimately passed to the exec function, resulting in a command execution vulnerability.

[image] [image]
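
A hardened form of the pattern the report describes (a request parameter concatenated into a string handed to exec), as an added example that is not part of the original report and not Ruijie code. The function names, the `ip` command line and its path are assumptions; only the `indevice` POST parameter comes from the report.

```php
<?php
// Added example, not Ruijie code. Function names, the "ip" command line and
// its path are assumptions; only "indevice" comes from the report.

/** Accept only strings that can be a Linux interface name (max 15 chars). */
function is_valid_ifname(string $name): bool
{
    // First char alphanumeric so the value can never be read as an option.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,14}\z/', $name) === 1;
}

/** Hypothetical hardened replacement for the address lookup. */
function get_ip_details_safe(string $indevice): array
{
    if (!is_valid_ifname($indevice)) {
        throw new InvalidArgumentException('invalid interface name');
    }
    // Second gate: the interface must actually exist on this host.
    if (!is_dir('/sys/class/net/' . $indevice)) {
        throw new InvalidArgumentException('unknown interface');
    }
    // Array form of proc_open (PHP 7.4+) runs the binary directly, with no
    // shell, so metacharacters in an argument are never interpreted.
    $cmd  = ['/sbin/ip', '-o', 'addr', 'show', 'dev', $indevice];
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ip');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('ip exited with an error');
    }
    return array_values(array_filter(explode("\n", $out)));
}

// Constructed inputs: the first is a plausible name, the rest must be rejected.
foreach (['eth0', 'eth0;id', '-all', 'br0 $(id)', str_repeat('a', 16)] as $v) {
    printf("%-20s %s\n", var_export($v, true), is_valid_ifname($v) ? 'accept' : 'reject');
}
```

The allowlist check and the shell-free invocation are independent controls: either one alone stops the parameter from reaching a shell as syntax, and keeping both means a later change to one does not reopen the injection.
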
attritionorg commented 3 months ago

What authentication requirements are there?