Security Advisory about the Command Injection Vulnerability Involving the Eweb Management System
According to external reports, a command injection vulnerability exists on the Eweb management system of some Ruijie products. The details are as follows:
Certain Eweb management systems are susceptible to remote code injection attacks. Unauthorized attackers can exploit this vulnerability to gain control over the device.
This vulnerability was discovered during testing by Wang Jincheng of the X1cT34m team at Nanjing University of Posts and Telecommunications. Ruijie thanks Wang Jincheng for the attention paid to Ruijie product security.
Involved product models and software versions include:

| Model | Software Version |
| --- | --- |
| Reyee NBS3/5/6/7 Series | SWITCH_3.0(1)B11P219 and earlier versions, excluding R219. |
| Reyee EG Series | EG_3.0(1)B11P219 and earlier versions, excluding R219. |
| Reyee EAP/RAP/NBC Series | AP_3.0(1)B11P219 and earlier versions, excluding R219. |
| Reyee EW Series | EW_3.0(1)B11P219 and earlier versions, excluding R219. |
Vulnerabilities are scored based on the CVSS v3.1 scoring system. For details, see: https://www.first.org/cvss/v3.1/specification-document
CVSS3.1 base score: 9.8
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
| Model | Software Version | Description |
| --- | --- | --- |
| See Model in the Affected Products and Versions. | https://www.ruijienetworks.com/resources/products/?activeName=software | The latest version has been released on Ruijie Cloud and the official website. Please upgrade promptly. |
Ruijie is always customer-centric and protects the ultimate interests of users with best efforts. Ruijie adheres to the responsible disclosure of security incidents and handles product security issues through the product security incident response mechanism. Customers can access Ruijie product security information by visiting the Ruijie PSIRT website or promptly provide security information feedback through the following website: https://www.ruijienetworks.com/support/securityBulletins.
Ruijie will continue to monitor this vulnerability, and relevant investigations are still ongoing. If there is any progress, this security advisory will be updated at the first opportunity. Please pay attention to updates.
You can contact us through the following channels:
Support: https://www.ruijienetworks.com/support
Live Chat (English): https://networks.s5.udesk.cn/im_client/?web_plugin_id=1296&language=en-us
Live Chat (Español): https://networks.s5.udesk.cn/im_client/?web_plugin_id=1575&language=es
Community: https://community.ruijienetworks.com/portal.php
To report a security vulnerability in Ruijie products and solutions, please send it to PSIRT@ruijie.com.cn.
Ruijie Networks Co., Ltd.
May 22, 2023