A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263105 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-view_bugSolve_captureData_commit.php.pdf | Broken Link |
| https://vuldb.com/?ctiid.263105 | Permissions Required VDB Entry |
| https://vuldb.com/?id.263105 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.323810 | Third Party Advisory VDB Entry |
| https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-view_bugSolve_captureData_commit.php.pdf | Broken Link |
| https://vuldb.com/?ctiid.263105 | Permissions Required VDB Entry |
| https://vuldb.com/?id.263105 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.323810 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
History
21 Aug 2025, 18:19
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Ruijie rg-uac 6000-u3210 Firmware
Ruijie rg-uac 6000-e50c Ruijie rg-uac 6000-e20 Ruijie rg-uac 6000-e50 Ruijie rg-uac 6000-ei Ruijie rg-uac 6000-e50m Firmware Ruijie rg-uac 6000-x20 Ruijie rg-uac 6000-cc Firmware Ruijie rg-uac 6000-x100s Firmware Ruijie rg-uac 6000-x20m Ruijie rg-uac 6000-isg40 Ruijie rg-uac 6000-isg200 Firmware Ruijie rg-uac 6000-x300d Ruijie rg-uac 6000-ei Firmware Ruijie rg-uac 6000-e20c Ruijie rg-uac 6000-x100 Ruijie rg-uac 6000-e20m Ruijie rg-uac 6000-isg40 Firmware Ruijie rg-uac 6000-e10c Firmware Ruijie rg-uac 6000-x20me Ruijie rg-uac 6000-e20m Firmware Ruijie rg-uac 6000-si Ruijie rg-uac 6000-e10 Firmware Ruijie rg-uac 6000-ea Ruijie rg-uac 6000-ea Firmware Ruijie rg-uac 6000-u3100 Ruijie rg-uac 6000-e10c Ruijie rg-uac 6000-x100 Firmware Ruijie rg-uac 6000-x300d Firmware Ruijie rg-uac 6000-isg02 Ruijie rg-uac 6000-si Firmware Ruijie rg-uac 6000-e20 Firmware Ruijie rg-uac 6000-u3210 Ruijie rg-uac 6000-x100s Ruijie rg-uac 6000-x200 Firmware Ruijie rg-uac 6000-x20m Firmware Ruijie rg-uac 6000-x60 Firmware Ruijie Ruijie rg-uac 6000-e50c Firmware Ruijie rg-uac 6000-xs Ruijie rg-uac 6000-e50 Firmware Ruijie rg-uac 6000-isg02 Firmware Ruijie rg-uac 6000-u3100 Firmware Ruijie rg-uac 6000-e20c Firmware Ruijie rg-uac 6000-isg200 Ruijie rg-uac 6000-x60 Ruijie rg-uac 6000-e10 Ruijie rg-uac 6000-isg10 Ruijie rg-uac 6000-e50m Ruijie rg-uac 6000-x20me Firmware Ruijie rg-uac 6000-cc Ruijie rg-uac 6000-xs Firmware Ruijie rg-uac 6000-isg10 Firmware Ruijie rg-uac 6000-x20 Firmware Ruijie rg-uac 6000-x200 |
|
| References | () https://github.com/h0e4a0r1t/-2x3J-1rPc-1-0-/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-view_bugSolve_captureData_commit.php.pdf - Broken Link | |
| References | () https://vuldb.com/?ctiid.263105 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.263105 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.323810 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:h:ruijie:rg-uac_6000-x20me:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x60:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x200:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e20_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-si:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-si_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-isg10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x20me_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e50:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-ea_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x100s:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x300d_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e50m_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x100:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-u3210_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-cc:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-u3100:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-isg40:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-cc_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e10c:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-u3210:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e20:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-ei:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e20c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e50c:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x20m_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e20c:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e20m_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-ea:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-isg02:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x60_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-isg200:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-xs_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e10:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x300d:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x20:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e50_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-isg10:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e10c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e10:3.0:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-isg02_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-xs:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-ei_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x100s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e20m:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-e50c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-x20m:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-isg200_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ruijie:rg-uac_6000-e50m:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x20_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-x200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-isg40_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-uac_6000-u3100_firmware:-:*:*:*:*:*:*:* |
Information
Published : 2024-05-05 20:15
Updated : 2025-08-21 18:19
NVD link : CVE-2024-4501
Mitre link : CVE-2024-4501
CVE.ORG link : CVE-2024-4501
JSON object : View
Products Affected
ruijie
- rg-uac_6000-si
- rg-uac_6000-x20
- rg-uac_6000-u3210
- rg-uac_6000-e50m_firmware
- rg-uac_6000-ea_firmware
- rg-uac_6000-xs_firmware
- rg-uac_6000-e20
- rg-uac_6000-xs
- rg-uac_6000-e20m
- rg-uac_6000-x20m
- rg-uac_6000-x20me_firmware
- rg-uac_6000-x100
- rg-uac_6000-e10_firmware
- rg-uac_6000-isg02
- rg-uac_6000-e20m_firmware
- rg-uac_6000-e50_firmware
- rg-uac_6000-e10c
- rg-uac_6000-x20m_firmware
- rg-uac_6000-isg200
- rg-uac_6000-x200
- rg-uac_6000-x60
- rg-uac_6000-x100s_firmware
- rg-uac_6000-e20c_firmware
- rg-uac_6000-isg10
- rg-uac_6000-isg200_firmware
- rg-uac_6000-x100s
- rg-uac_6000-e50
- rg-uac_6000-si_firmware
- rg-uac_6000-x300d_firmware
- rg-uac_6000-x100_firmware
- rg-uac_6000-cc
- rg-uac_6000-u3100
- rg-uac_6000-cc_firmware
- rg-uac_6000-ea
- rg-uac_6000-e50m
- rg-uac_6000-e10
- rg-uac_6000-e50c_firmware
- rg-uac_6000-isg10_firmware
- rg-uac_6000-x20me
- rg-uac_6000-x300d
- rg-uac_6000-ei
- rg-uac_6000-isg02_firmware
- rg-uac_6000-x60_firmware
- rg-uac_6000-x20_firmware
- rg-uac_6000-isg40
- rg-uac_6000-u3210_firmware
- rg-uac_6000-isg40_firmware
- rg-uac_6000-e20c
- rg-uac_6000-ei_firmware
- rg-uac_6000-u3100_firmware
- rg-uac_6000-x200_firmware
- rg-uac_6000-e20_firmware
- rg-uac_6000-e10c_firmware
- rg-uac_6000-e50c
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')