An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
An attacker can send a network request to the system/config_menu.htm resource on the vulnerable device without authentication. The vulnerability is related to improper access control (CWE-280), which allows access to administrative functions without proper credentials. As a result, it is possible to take control over the network switch configuration.
An attacker can obtain full administrative privileges on the device, enabling configuration modification, network traffic interception, or device shutdown. This results in complete loss of confidentiality, integrity, and availability of the system.
Apply patches available from the manufacturer according to references. Until updates are applied, it is recommended to restrict access to the device management interface only to trusted hosts through network segmentation or access control lists (ACL), and to disable access to the management panel from untrusted networks.
Ruijie RG-NBS2009G-P with RGOS software v.10.4(1)P2 Release(9736)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRuijie Rg Nbs2009g P
HWRuijiewszystkie wersjeRuijie Rg Nbs2009g P Firmware
OSRuijie10.4\(1\)p2_release\(9736\)
Related vulnerabilities
Nieprawidłowe uprawnienia w Ruijie RG-NBS2009G-P umożliwiają privilege escalation
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected b...
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG...
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected...
Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series