CVE-2024-2641

Published: Mar 19, 2024Modified: Aug 21, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: CNA (Secondary)

Description

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Ruijie: Rg Nbs2009g P Firmware

1 product

Rg Nbs2009g P Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Nbs2009g P Firmware	All versions

Running on/with	Platform Versions
Ruijie Rg Nbs2009g P	All versions

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.257280

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.257280

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.257280

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.257280

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.