Ruijie Network is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more.
Ruijie RG-UAC has a command execution vulnerability. Attackers can exploit the vulnerability to cause harm to servers.
Official: https://www.ruijie.com.cn
Version: 1.0
Vulnerability path: /view/vpn/autovpn/sxh_vpnlic.php
/View/vpn/autovpn/sxh_vpnlic.php
![Image](https://private-user-images.githubusercontent.com/171104034/340101793-c48dc464-a7ec-4873-96cd-9fa5cf7f8ff1.png)
The $_POST["indevice"] parameter is controllable and is passed into the get_ip.addr_details function.
Tracing the function shows that the controllable parameter is concatenated into the info parameter and ultimately executed by the exec function, resulting in a command execution vulnerability.
![Image](https://private-user-images.githubusercontent.com/171104034/340101816-5ef4bcde-c2c6-418f-af0d-846863bcf6ae.png)
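The data flow described above (request parameter concatenated into a command string that reaches exec), shown next to a hardened form. This is an added example, not Ruijie's code and not part of the original report: the function names, the `ip addr show` command and the assumption that `indevice` carries a network interface name are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not RG-UAC source. Function names and the `ip addr show`
// command are assumptions; only the "indevice" parameter name is from the report.

// Pattern the report describes: request data concatenated into a command string
// that exec() hands to the shell, so shell metacharacters in it are interpreted.
function details_unsafe(string $indevice): array
{
    $info = 'ip addr show dev ' . $indevice;
    exec($info, $output);
    return $output;
}

// Allow-list check: Linux interface names are at most 15 bytes. Requiring an
// alphanumeric first character also rejects values that look like options.
function is_valid_ifname(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\z/', $name) === 1;
}

// Hardened form: validate first, then run the program from an argument array
// (PHP 7.4+), which starts the process directly with no shell in between.
function details_safe(string $indevice): array
{
    if (!is_valid_ifname($indevice)) {
        throw new InvalidArgumentException('invalid interface name');
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ip', 'addr', 'show', 'dev', $indevice], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ip');
    }
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === '' ? [] : explode("\n", rtrim($out));
}

// Constructed inputs: the validator accepts ordinary names and rejects anything
// carrying shell syntax before a process is ever started.
foreach (['eth0', 'br-lan.10', 'eth0;true', '-all', ''] as $candidate) {
    $verdict = is_valid_ifname($candidate) ? 'accepted' : 'rejected';
    printf("%-12s %s\n", var_export($candidate, true), $verdict);
}
```

On PHP versions older than 7.4, where `proc_open` does not accept an argument array, keep the allow-list check and wrap the value in `escapeshellarg()` before it is placed in the command string.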