CRITICAL🇵🇱 Wersja polska

CVE-2025-56752

CVSS 9.4v3.1pub. 2025-09-03upd. 2025-09-29

A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  • Ruijie Rg Es205gc

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es205gc Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es205gc P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es205gc P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es206gc P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es206gc P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35
  • Ruijie Rg Es206gs P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es206gs P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es206mg P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es206mg P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p42_release\(12142711\)
  • Ruijie Rg Es208gc

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es208gc Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es209gc P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es209gc P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es209mg P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es209mg P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p42_release\(12142711\)
  • Ruijie Rg Es210gc Lp

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es210gc Lp Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27
  • Ruijie Rg Es210gs P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es210gs P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es216gc

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es216gc Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27
  • Ruijie Rg Es216gc V2

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es216gc V2 Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es218gc P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es218gc P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35
  • Ruijie Rg Es220gs P

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es220gs P Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27esw_1.0\(1\)b1p35esw_1.0\(1\)b1p39
  • Ruijie Rg Es224gc

    HW
    Ruijie
    wszystkie wersje
  • Ruijie Rg Es224gc Firmware

    OS
    Ruijie
    esw_1.0\(1\)b1p27
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-42936CRITICAL9.8PL ✓ten sam vendor

RCE w usłudze mqlink.elf urządzenia Ruijie RG-EW300N via MQTT

CVE-2024-24116CRITICAL9.8PL ✓ten sam vendor

Nieautoryzowane uzyskanie uprawnień w Ruijie RG-NBS2009G-P via config_menu.htm

CVE-2024-24117CRITICAL9.8PL ✓ten sam vendor

Nieprawidłowe uprawnienia w Ruijie RG-NBS2009G-P umożliwiają privilege escalation

CVE-2019-16639CRITICAL9.8PL ✓ten sam vendor

Command injection w Ruijie EG-2000SE — dostęp bez uwierzytelnienia

CVE-2024-28288CRITICAL9.8PL ✓ten sam vendor

Ruijie RG-NBR700GW — reset hasła administratora bez weryfikacji cookie