CVE-2023-3306

Published: Jun 18, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Ruijie: Rg Ew1200g Firmware

1 product

Rg Ew1200g Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Ew1200g Firmware	Version ew_3.0(1)b11p204

Running on/with	Platform Versions
Ruijie Rg Ew1200g	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://github.com/RCEraser/cve/blob/main/RG-EW1200G.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.231802

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.231802

Source: cna@vuldb.com

Third Party Advisory

https://github.com/RCEraser/cve/blob/main/RG-EW1200G.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.231802

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.231802

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.