CRITICAL🇵🇱 Wersja polska

CVE-2024-24117

CVSS 9.8v3.1pub. 2024-10-02upd. 2025-03-13

Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.

🤖 AI Analysis
How it works

The vulnerability is caused by improper permission configuration (CWE-732) in the component responsible for login state verification. An attacker can remotely exploit this component without requiring authentication or user interaction to bypass access control mechanisms. This results in gaining unauthorized privileges in the RGOS operating system of the device.

Impact

An attacker can gain elevated privileges on the network device, which in practice means full control over the switch, including the ability to modify network configuration, intercept network traffic, and perform further lateral movement in the infrastructure.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict access to the device management interface only to trusted IP addresses and to place the device behind a dedicated management firewall.

Who is affected

Ruijie RG-NBS2009G-P with RGOS software version 10.4(1)P2 Release (9736)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ruijie Rg Nbs2009g P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Nbs2009g P Firmware

    OS
    Ruijie
    10.4\(1\)p2_release\(9736\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24116CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm

CVE-2024-2642HIGH7.3ten sam produkt

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected b...

CVE-2023-38902HIGH8.8ten sam produkt

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG...

CVE-2024-2641MEDIUM5.3ten sam produkt

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected...

CVE-2025-56752CRITICAL9.4PL ✓ten sam vendor

Pominięcie uwierzytelnienia w przełącznikach Ruijie RG-ES Series