ГлавнаяУязвимости → CVE-2025-56113
8.8высокая

CVE-2025-56113

Описание

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Затрагиваемое ПО
Ruijie Rg-yst250f firmwareRuijie Rg-yst250fRuijie Rg-est310 v2 firmwareRuijie Rg-est310 v2Ruijie Reyee osRuijie Rg-est350 v2Ruijie Rg-ew300 proRuijie Rg-eap602 firmwareRuijie Rg-eap602
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://1drv.ms/f/c/12406a392c92914b/EsGqqVSQqCVBjjz2FhAHAiAB4MCHo41vIuw2wPgLykbupA?e=YgF1gthttps://1drv.ms/t/c/12406a392c92914b/EY_XOykAOvJJkGsDkmahTboBmmvNWczbXF3brroYsTWmTA?e=2Itztahttps://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56113.md