9.4критическая
CVE-2025-56752
Описание
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi.
Затрагиваемое ПО
Ruijie Rg-es228gs-p firmwareRuijie Rg-es228gs-pRuijie Rg-es209gc-p firmwareRuijie Rg-es209gc-pRuijie Rg-es205gc-p firmwareRuijie Rg-es205gc-pRuijie Rg-es205gc firmwareRuijie Rg-es205gcRuijie Rg-es208gc firmwareRuijie Rg-es208gcRuijie Rg-es206gs-p firmwareRuijie Rg-es206gs-pRuijie Rg-es210gs-p firmwareRuijie Rg-es210gs-pRuijie Rg-es218gc-p firmwareRuijie Rg-es218gc-pRuijie Rg-es226gc-p firmwareRuijie Rg-es226gc-pRuijie Rg-es206gc-p firmwareRuijie Rg-es206gc-pRuijie Rg-es216gc firmwareRuijie Rg-es216gcRuijie Rg-es224gc firmwareRuijie Rg-es224gcRuijie Rg-es210gc-lp firmware
CVSS
| Балл | 9.4 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H |
Источники
https://github.com/TNCX-byte/Vulnerability_Research/blob/main/CVE-2025-56752/README.md