Search criteria
3 vulnerabilities found for rg-nbr700gw_firmware by ruijie
FKIE_CVE-2024-28288
Vulnerability from fkie_nvd - Published: 2024-03-30 01:15 - Updated: 2025-06-30 12:47
Severity ?
Summary
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruijie | rg-nbr700gw_firmware | 10.3\(4b12\) | |
| ruijie | rg-nbr700gw | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*",
"matchCriteriaId": "53A3205D-70B8-40F5-B8E4-080665EC0B08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruijie:rg-nbr700gw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99A76E27-A85D-4C40-AAA4-C066DD417C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."
},
{
"lang": "es",
"value": "El router Ruijie RG-NBR700GW 10.3(4b12) carece de verificaci\u00f3n de cookies al restablecer la contrase\u00f1a, lo que genera una vulnerabilidad de restablecimiento de contrase\u00f1a de administrador. Un atacante puede utilizar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo e interrumpir el negocio de la empresa."
}
],
"id": "CVE-2024-28288",
"lastModified": "2025-06-30T12:47:33.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-30T01:15:47.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-565"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2024-28288 (GCVE-0-2024-28288)
Vulnerability from cvelistv5 – Published: 2024-03-30 00:00 – Updated: 2024-11-04 14:13
VLAI?
Summary
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rg-nbr700gw_firmware",
"vendor": "ruijie",
"versions": [
{
"status": "affected",
"version": "10.3\\(4b12\\)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T14:13:44.580378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T14:13:51.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T00:16:32.445126",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
},
{
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28288",
"datePublished": "2024-03-30T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-11-04T14:13:51.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28288 (GCVE-0-2024-28288)
Vulnerability from nvd – Published: 2024-03-30 00:00 – Updated: 2024-11-04 14:13
VLAI?
Summary
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rg-nbr700gw_firmware",
"vendor": "ruijie",
"versions": [
{
"status": "affected",
"version": "10.3\\(4b12\\)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T14:13:44.580378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T14:13:51.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T00:16:32.445126",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"
},
{
"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28288",
"datePublished": "2024-03-30T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-11-04T14:13:51.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}