CRITICAL🇵🇱 Wersja polska

CVE-2024-24116

CVSS 9.8v3.1pub. 2024-10-02upd. 2025-02-10

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

🤖 AI Analysis
How it works

An attacker can send a network request to the system/config_menu.htm resource on the vulnerable device without authentication. The vulnerability is related to improper access control (CWE-280), which allows access to administrative functions without proper credentials. As a result, it is possible to take control over the network switch configuration.

Impact

An attacker can obtain full administrative privileges on the device, enabling configuration modification, network traffic interception, or device shutdown. This results in complete loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until updates are applied, it is recommended to restrict access to the device management interface only to trusted hosts through network segmentation or access control lists (ACL), and to disable access to the management panel from untrusted networks.

Who is affected

Ruijie RG-NBS2009G-P with RGOS software v.10.4(1)P2 Release(9736)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ruijie Rg Nbs2009g P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Nbs2009g P Firmware

    OS
    Ruijie
    10.4\(1\)p2_release\(9736\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24117CRITICAL9.8PL ✓ten sam produkt

Nieprawidłowe uprawnienia w Ruijie RG-NBS2009G-P umożliwiają privilege escalation

CVE-2024-2642HIGH7.3ten sam produkt

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected b...

CVE-2023-38902HIGH8.8ten sam produkt

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG...

CVE-2024-2641MEDIUM5.3ten sam produkt

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected...

CVE-2025-56752CRITICAL9.4PL ✓ten sam vendor

Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series