Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for rg-nbs2009g-p by ruijie

    CVE-2024-2642 (GCVE-0-2024-2642)

    Vulnerability from nvd – Published: 2024-03-19 21:31 – Updated: 2024-08-19 17:12
    VLAI
    Title
    Ruijie RG-NBS2009G-P EXCU_SHELL command injection
    Summary
    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.257281 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.257281 signaturepermissions-required
    https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20R… exploit
    Impacted products
    Vendor Product Version
    Ruijie RG-NBS2009G-P Affected: 20240305
    Create a notification for this product.
    ruijie rg-nbs2009g-p_firmware Affected: 0 , ≤ 20240305 (custom)
        cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    H0e4a0r1t (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:48.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257281 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257281"
              },
              {
                "name": "VDB-257281 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257281"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rg-nbs2009g-p_firmware",
                "vendor": "ruijie",
                "versions": [
                  {
                    "lessThanOrEqual": "20240305",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:10:27.367342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:12:16.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RG-NBS2009G-P",
              "vendor": "Ruijie",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240305"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "H0e4a0r1t (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Ruijie RG-NBS2009G-P bis 20240305 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /EXCU_SHELL. Mit der Manipulation des Arguments Command1 mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T21:31:03.872Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257281 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.257281"
            },
            {
              "name": "VDB-257281 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257281"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T14:40:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ruijie RG-NBS2009G-P EXCU_SHELL command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2642",
        "datePublished": "2024-03-19T21:31:03.872Z",
        "dateReserved": "2024-03-19T13:35:14.712Z",
        "dateUpdated": "2024-08-19T17:12:16.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2641 (GCVE-0-2024-2641)

    Vulnerability from nvd – Published: 2024-03-19 20:31 – Updated: 2024-08-01 19:18
    VLAI
    Title
    Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization
    Summary
    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ruijie RG-NBS2009G-P Affected: 20240305
    Create a notification for this product.
    ruijie rg-nbs2009g-p Affected: 0 , < 20240305 (custom)
        cpe:2.3:h:ruijie:rg-nbs2009g-p:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    H0e4a0r1t (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ruijie:rg-nbs2009g-p:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rg-nbs2009g-p",
                "vendor": "ruijie",
                "versions": [
                  {
                    "lessThan": "20240305",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T21:27:21.427242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T21:29:11.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:47.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257280 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257280"
              },
              {
                "name": "VDB-257280 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257280"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Password Handler"
              ],
              "product": "RG-NBS2009G-P",
              "vendor": "Ruijie",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240305"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "H0e4a0r1t (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Ruijie RG-NBS2009G-P bis 20240305 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /system/passwdManage.htm der Komponente Password Handler. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T20:31:04.208Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257280 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.257280"
            },
            {
              "name": "VDB-257280 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257280"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T14:40:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2641",
        "datePublished": "2024-03-19T20:31:04.208Z",
        "dateReserved": "2024-03-19T13:35:12.606Z",
        "dateUpdated": "2024-08-01T19:18:47.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2642 (GCVE-0-2024-2642)

    Vulnerability from cvelistv5 – Published: 2024-03-19 21:31 – Updated: 2024-08-19 17:12
    VLAI
    Title
    Ruijie RG-NBS2009G-P EXCU_SHELL command injection
    Summary
    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.257281 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.257281 signaturepermissions-required
    https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20R… exploit
    Impacted products
    Vendor Product Version
    Ruijie RG-NBS2009G-P Affected: 20240305
    Create a notification for this product.
    ruijie rg-nbs2009g-p_firmware Affected: 0 , ≤ 20240305 (custom)
        cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    H0e4a0r1t (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:48.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257281 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257281"
              },
              {
                "name": "VDB-257281 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257281"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rg-nbs2009g-p_firmware",
                "vendor": "ruijie",
                "versions": [
                  {
                    "lessThanOrEqual": "20240305",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:10:27.367342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:12:16.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RG-NBS2009G-P",
              "vendor": "Ruijie",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240305"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "H0e4a0r1t (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Ruijie RG-NBS2009G-P bis 20240305 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /EXCU_SHELL. Mit der Manipulation des Arguments Command1 mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T21:31:03.872Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257281 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.257281"
            },
            {
              "name": "VDB-257281 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257281"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T14:40:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ruijie RG-NBS2009G-P EXCU_SHELL command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2642",
        "datePublished": "2024-03-19T21:31:03.872Z",
        "dateReserved": "2024-03-19T13:35:14.712Z",
        "dateUpdated": "2024-08-19T17:12:16.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2641 (GCVE-0-2024-2641)

    Vulnerability from cvelistv5 – Published: 2024-03-19 20:31 – Updated: 2024-08-01 19:18
    VLAI
    Title
    Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization
    Summary
    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ruijie RG-NBS2009G-P Affected: 20240305
    Create a notification for this product.
    ruijie rg-nbs2009g-p Affected: 0 , < 20240305 (custom)
        cpe:2.3:h:ruijie:rg-nbs2009g-p:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    H0e4a0r1t (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ruijie:rg-nbs2009g-p:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rg-nbs2009g-p",
                "vendor": "ruijie",
                "versions": [
                  {
                    "lessThan": "20240305",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T21:27:21.427242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T21:29:11.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:47.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257280 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257280"
              },
              {
                "name": "VDB-257280 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257280"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Password Handler"
              ],
              "product": "RG-NBS2009G-P",
              "vendor": "Ruijie",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240305"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "H0e4a0r1t (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Ruijie RG-NBS2009G-P bis 20240305 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /system/passwdManage.htm der Komponente Password Handler. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T20:31:04.208Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257280 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.257280"
            },
            {
              "name": "VDB-257280 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257280"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T14:40:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2641",
        "datePublished": "2024-03-19T20:31:04.208Z",
        "dateReserved": "2024-03-19T13:35:12.606Z",
        "dateUpdated": "2024-08-01T19:18:47.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }