CVE-2024-4504

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published May 5, 2024

Updated: Jun 4, 2024

CWE ID 863

CWE ID 200

Summary

CVE-2024-4504 is a critical vulnerability affecting Ruijie RG-UAC versions up to 20240428. The issue lies within the unknown functionality of the commit.php file located at /view/HAconfig/baseConfig/. An attacker can manipulate the peer_ip/local_ip argument to inject os commands remotely. This vulnerability, identified as VDB-263108, has been publicly disclosed and exploited. Unfortunately, the vendor did not respond to early disclosure efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/x9S4W4
https://www.cve.org/CVERecord?id=CVE-2024-4504
https://nvd.nist.gov/vuln/detail/CVE-2024-4504

Back to Vulnerability Database

CVE-2024-4504

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations