ГлавнаяУязвимости → CVE-2025-56108
8.8высокая

CVE-2025-56108

Описание

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Затрагиваемое ПО
Ruijie X30 pro firmwareRuijie X30 proRuijie Rg-eap602 firmwareRuijie Rg-eap602Ruijie Rg-est350 firmwareRuijie Rg-est350Ruijie Rg-ew300 pro firmwareRuijie Rg-ew300 proRuijie Rg-est310 firmwareRuijie Rg-est310
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://1drv.ms/f/c/12406a392c92914b/EtGIxwWujwxBvQhL9wgnUIwBkg-mndJJX07Igr6d0cic-g?e=4KJbWYhttps://1drv.ms/t/c/12406a392c92914b/Ecib6--fxv9HhrfAdhmP5R4BOPDcTcqTOBt0hQBEx5BTxA?e=s3ejN1https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56108.md