CVE-2025-56752

Published: Sep 3, 2025Modified: Sep 29, 2025

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploitability: 3.9 / Impact: 5.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.

Affected (43)

Products: Ruijie: Rg Es228gs P Firmware, Rg Es209gc P Firmware, Rg Es205gc P Firmware, Rg Es205gc Firmware, Rg Es208gc Firmware, Rg Es206gs P Firmware, Rg Es210gs P Firmware, Rg Es218gc P Firmware, Rg Es226gc P Firmware, Rg Es206gc P Firmware, Rg Es216gc Firmware, Rg Es224gc Firmware, Rg Es210gc Lp Firmware, Rg Es206mg P Firmware, Rg Es209mg P Firmware, Rg Nis2100 8gt2sfp Hp Firmware, Rg Nis2100 4gt2sfp Hp Firmware, Rg Es216gc V2 Firmware, Rg Es224gc V2 Firmware, Rg Es220gs P Firmware

Ruijie

20 products

Rg Es228gs P Firmware

Rg Es209gc P Firmware

Rg Es205gc P Firmware

Rg Es205gc Firmware

Rg Es208gc Firmware

Rg Es206gs P Firmware

Rg Es210gs P Firmware

Rg Es218gc P Firmware

Rg Es226gc P Firmware

Rg Es206gc P Firmware

Rg Es216gc Firmware

Rg Es224gc Firmware

Rg Es210gc Lp Firmware

Rg Es206mg P Firmware

Rg Es209mg P Firmware

Rg Nis2100 8gt2sfp Hp Firmware

Rg Nis2100 4gt2sfp Hp Firmware

Rg Es216gc V2 Firmware

Rg Es224gc V2 Firmware

Rg Es220gs P Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es228gs P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es228gs P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es228gs P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es228gs P	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es209gc P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es209gc P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es209gc P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es209gc P	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es205gc P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es205gc P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es205gc P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es205gc P	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es205gc Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es205gc Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es205gc Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es205gc	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es208gc Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es208gc Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es208gc Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es208gc	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es206gs P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es206gs P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es206gs P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es206gs P	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es210gs P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es210gs P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es210gs P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es210gs P	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es218gc P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es218gc P Firmware	Version esw_1.0(1)b1p35

Running on/with	Platform Versions
Ruijie Rg Es218gc P	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es226gc P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es226gc P Firmware	Version esw_1.0(1)b1p35

Running on/with	Platform Versions
Ruijie Rg Es226gc P	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es206gc P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es206gc P Firmware	Version esw_1.0(1)b1p35

Running on/with	Platform Versions
Ruijie Rg Es206gc P	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es216gc Firmware	Version esw_1.0(1)b1p27

Running on/with	Platform Versions
Ruijie Rg Es216gc	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es224gc Firmware	Version esw_1.0(1)b1p27

Running on/with	Platform Versions
Ruijie Rg Es224gc	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es210gc Lp Firmware	Version esw_1.0(1)b1p27

Running on/with	Platform Versions
Ruijie Rg Es210gc Lp	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es206mg P Firmware	Version esw_1.0(1)b1p42_release(12142711)

Running on/with	Platform Versions
Ruijie Rg Es206mg P	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es209mg P Firmware	Version esw_1.0(1)b1p42_release(12142711)

Running on/with	Platform Versions
Ruijie Rg Es209mg P	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Nis2100 8gt2sfp Hp Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Nis2100 8gt2sfp Hp	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Nis2100 4gt2sfp Hp Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Nis2100 4gt2sfp Hp	All versions

Configuration R

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es216gc V2 Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es216gc V2 Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es216gc V2 Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es216gc V2	All versions

Configuration S

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es224gc V2 Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es224gc V2 Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es224gc V2 Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es224gc V2	All versions

Configuration T

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ruijie Rg Es220gs P Firmware	Version esw_1.0(1)b1p27
Ruijie Rg Es220gs P Firmware	Version esw_1.0(1)b1p35
Ruijie Rg Es220gs P Firmware	Version esw_1.0(1)b1p39

Running on/with	Platform Versions
Ruijie Rg Es220gs P	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://github.com/TNCX-byte/Vulnerability_Research/blob/main/CVE-2025-56752/README.md

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.