Ruijie Network is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more.
Ruijie RG-UAC has a command execution vulnerability. Attackers exploit vulnerabilities to cause harm to servers.
/View/vpn/autovpn/sxh_vpnlic.php
The $$POST ["indevice"] parameter is controllable and will be substituted into the get_ip.addr_details function
Tracking function, concatenating controllable parameters into info parameters, and ultimately executing them into exec function, resulting in command execution vulnerabilities.
Ruijie Network is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. Ruijie RG-UAC has a command execution vulnerability. Attackers exploit vulnerabilities to cause harm to servers.
official:https://www.ruijie.com.cn
version:1.0
Vulnerability Path : /view/vpn/autovpn/sxh_vpnlic.php
/View/vpn/autovpn/sxh_vpnlic.php The $$POST ["indevice"] parameter is controllable and will be substituted into the get_ip.addr_details function
Tracking function, concatenating controllable parameters into info parameters, and ultimately executing them into exec function, resulting in command execution vulnerabilities.