Vulnerability-Lookup

CNVD-2023-54867

Vulnerability from cnvd - Published: 2023-07-07

Title

北京星网锐捷网络技术有限公司RG-BCR860操作系统命令注入漏洞

Description

RG-BCR860是中国锐捷网络（Ruijie Networks）公司的一款商业云路由器。北京星网锐捷网络技术有限公司RG-BCR860 2.5.13版本存在操作系统命令注入漏洞，该漏洞源于组件Network Diagnostic Page未能正确过滤构造命令特殊字符、命令等，攻击者可利用该漏洞导致任意命令执行。

Severity

中

Formal description

据厂商提供的信息，该产品已经停服（2022.6.29停服），停服公告链接： https://www.ruijie.com.cn/fw/xw/86264

Reference

https://vuldb.com/?id.232547

Impacted products

Name
北京星网锐捷网络技术有限公司 RG-BCR860 2.5.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-3450",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-3450"
    }
  },
  "description": "RG-BCR860\u662f\u4e2d\u56fd\u9510\u6377\u7f51\u7edc\uff08Ruijie Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5546\u4e1a\u4e91\u8def\u7531\u5668\u3002\n\n\u5317\u4eac\u661f\u7f51\u9510\u6377\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8RG-BCR860 2.5.13\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6Network Diagnostic Page\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u636e\u5382\u5546\u63d0\u4f9b\u7684\u4fe1\u606f\uff0c\u8be5\u4ea7\u54c1\u5df2\u7ecf\u505c\u670d\uff082022.6.29\u505c\u670d\uff09\uff0c\u505c\u670d\u516c\u544a\u94fe\u63a5\uff1a\r\nhttps://www.ruijie.com.cn/fw/xw/86264",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-54867",
  "openTime": "2023-07-07",
  "products": {
    "product": "\u5317\u4eac\u661f\u7f51\u9510\u6377\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 RG-BCR860 2.5.13"
  },
  "referenceLink": "https://vuldb.com/?id.232547",
  "serverity": "\u4e2d",
  "submitTime": "2023-06-30",
  "title": "\u5317\u4eac\u661f\u7f51\u9510\u6377\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8RG-BCR860\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2023-3450 (GCVE-0-2023-3450)

Vulnerability from cvelistv5 – Published: 2023-06-28 18:00 – Updated: 2024-11-08 18:09

Title

Ruijie RG-BCR860 Network Diagnostic Page os command injection

Summary

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - OS Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.232547	vdb-entry
	https://vuldb.com/?ctiid.232547	signaturepermissions-required
	https://github.com/RCEraser/cve/blob/main/RG-BCR860.md	exploit

Impacted products

	Vendor	Product	Version
	Ruijie	RG-BCR860	Affected: 2.5.13

Credits

RCEraser (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.232547"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.232547"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/RCEraser/cve/blob/main/RG-BCR860.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:ruijie:rg-bcr860_firmware:2.5.13:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rg-bcr860_firmware",
            "vendor": "ruijie",
            "versions": [
              {
                "status": "affected",
                "version": "2.5.13"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3450",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T18:08:22.927432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T18:09:15.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Network Diagnostic Page"
          ],
          "product": "RG-BCR860",
          "vendor": "Ruijie",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "RCEraser (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Ruijie RG-BCR860 2.5.13 gefunden. Dies betrifft einen unbekannten Teil der Komponente Network Diagnostic Page. Durch das Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T13:47:50.786Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.232547"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.232547"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/RCEraser/cve/blob/main/RG-BCR860.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-06-28T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-06-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-07-20T14:18:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ruijie RG-BCR860 Network Diagnostic Page os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-3450",
    "datePublished": "2023-06-28T18:00:04.678Z",
    "dateReserved": "2023-06-28T17:18:36.439Z",
    "dateUpdated": "2024-11-08T18:09:15.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-54867

CVE-2023-3450 (GCVE-0-2023-3450)

Tags

Sightings

Nomenclature