
3 vulnerabilities by Ruijie Networks Co., Ltd.

CVE-2025-68459 (GCVE-0-2025-68459)

Vulnerability from cvelistv5 – Published: 2025-12-18 05:51 – Updated: 2025-12-18 15:33
Summary
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.
CWE
  • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T15:28:34.206269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:33:43.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AP180-PE V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JP) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T05:51:07.988Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94068946/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-68459",
    "datePublished": "2025-12-18T05:51:07.988Z",
    "dateReserved": "2025-12-17T23:37:17.886Z",
    "dateUpdated": "2025-12-18T15:33:43.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58778 (GCVE-0-2025-58778)

Vulnerability from cvelistv5 – Published: 2025-10-16 06:04 – Updated: 2025-10-16 14:31 Unsupported When Assigned
Summary
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. This functionality is not documented in the manual and is enabled in the initial configuration. Anyone who knows the related credentials can log in to the affected device, which can lead to information disclosure, alteration of the system configuration, or a denial of service (DoS) condition.
CWE
Impacted products
Vendor Product Version
Ruijie Networks Co., Ltd. RG-EST300 Affected: AP_3.0(1)B2P18_EST300_06210514
Affected: AP_3.0(1)B2P10_EST300_06151523
Affected: AP_3.0(1)B2P10_EST300_05232216
Affected: AP_3.0(1)B2P10_EST300_05220814

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T14:30:56.658999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T14:31:05.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RG-EST300",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P18_EST300_06210514"
            },
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P10_EST300_06151523"
            },
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P10_EST300_05232216"
            },
            {
              "status": "affected",
              "version": "and AP_3.0(1)B2P10_EST300_05220814"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "Hidden functionality",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T06:04:43.115Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/"
        },
        {
          "url": "https://www.ruijie.com/en-global/support/productLifecycle"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN72648885/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-58778",
    "datePublished": "2025-10-16T06:04:43.115Z",
    "dateReserved": "2025-09-05T03:22:34.671Z",
    "dateUpdated": "2025-10-16T14:31:05.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-7304 (GCVE-0-2023-7304)

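Vulnerability from cvelistv5 – Published: 2025-10-15 01:22 – Updated: 2025-11-21 16:17 X_Known Exploited Vulnerability (tag set by the CNA, VulnCheck; the CISA ADP SSVC entry in the record below, timestamped 2025-10-15, lists Exploitation as "none", so read the two fields together when prioritising)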
Title
Ruijie RG-UAC nmc_sync.php Command Injection
Summary
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Credits
Anonymous User on CN-SEC

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T19:27:34.499011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T19:27:48.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "nmc_sync.php endpoint"
          ],
          "product": "RG-UAC",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:ruijie:rg-uac:-:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anonymous User on CN-SEC"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the \u0027nmc_sync.php\u0027 interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.\u003cbr\u003e"
            }
          ],
          "value": "Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the \u0027nmc_sync.php\u0027 interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T16:17:56.857Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://cn-sec.com/archives/2284248.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ruijie-rg-uac-nmc-sync-php-command-injection"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "Ruijie RG-UAC nmc_sync.php Command Injection",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-7304",
    "datePublished": "2025-10-15T01:22:10.130Z",
    "dateReserved": "2025-07-24T13:59:10.308Z",
    "dateUpdated": "2025-11-21T16:17:56.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}