A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2022/May/0 | Mailing List Third Party Advisory |
http://ruijie.com | Not Applicable |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-05-03 18:15
Updated : 2022-05-12 11:57
NVD link : CVE-2021-43161
Mitre link : CVE-2021-43161
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
ruijienetworks
- rg-ew3200gx_pro
- rg-ew1800gx_pro
- reyeeos
- rg-ew1200
- rg-ew300_pro
- rg-ew1200g_pro