
4 vulnerabilities found for Ruijie Networks Co., Ltd.

CVE-2026-23699 (GCVE-0-2026-23699)
Vulnerability from cvelistv5
Published
2026-01-22 01:41
Modified
2026-01-22 17:39
CWE
  • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Summary
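AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices. Note that the affected range in this record stops short of AP_RGOS 11.9(4)B1P8, while the record for CVE-2025-68459 further down this page lists "AP_RGOS 11.9(4)B1P8 and earlier" as affected for the same AP180 models, so both records should be checked when assessing a device's firmware level.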


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T17:33:57.826150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T17:39:43.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AP180(JA) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180(JP) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-AC V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-PE V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180(JA) V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-AC V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-PE V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-AC V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        },
        {
          "product": "AP180-PE V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to AP_RGOS 11.9(4)B1P8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-22T01:41:22.386Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.co.jp/products/rg-ap180-pe_p432111650928590848.html#productDocument"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN86850670/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-23699",
    "datePublished": "2026-01-22T01:41:22.386Z",
    "dateReserved": "2026-01-15T01:07:48.781Z",
    "dateUpdated": "2026-01-22T17:39:43.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68459 (GCVE-0-2025-68459)
Vulnerability from cvelistv5
Published
2025-12-18 05:51
Modified
2025-12-18 15:33
CWE
  • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Summary
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T15:28:34.206269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:33:43.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AP180-PE V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JP) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T05:51:07.988Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94068946/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-68459",
    "datePublished": "2025-12-18T05:51:07.988Z",
    "dateReserved": "2025-12-17T23:37:17.886Z",
    "dateUpdated": "2025-12-18T15:33:43.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58778 (GCVE-0-2025-58778)
Vulnerability from cvelistv5
Published
2025-10-16 06:04
Modified
2025-10-16 14:31
CWE
  • CWE-912 - Hidden functionality
Summary
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. This functionality is not documented in the manual and is enabled in the initial configuration. Anyone who knows the related credentials can log in to the affected device, leading to information disclosure, alteration of the system configuration, or a denial of service (DoS) condition.
Impacted products
| Vendor | Product | Version |
| --- | --- | --- |
| Ruijie Networks Co., Ltd. | RG-EST300 | AP_3.0(1)B2P18_EST300_06210514 |
| | | AP_3.0(1)B2P10_EST300_06151523 |
| | | AP_3.0(1)B2P10_EST300_05232216 |
| | | AP_3.0(1)B2P10_EST300_05220814 |


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T14:30:56.658999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T14:31:05.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RG-EST300",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P18_EST300_06210514"
            },
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P10_EST300_06151523"
            },
            {
              "status": "affected",
              "version": "AP_3.0(1)B2P10_EST300_05232216"
            },
            {
              "status": "affected",
              "version": "and AP_3.0(1)B2P10_EST300_05220814"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "Hidden functionality",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T06:04:43.115Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/"
        },
        {
          "url": "https://www.ruijie.com/en-global/support/productLifecycle"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN72648885/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-58778",
    "datePublished": "2025-10-16T06:04:43.115Z",
    "dateReserved": "2025-09-05T03:22:34.671Z",
    "dateUpdated": "2025-10-16T14:31:05.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-7304 (GCVE-0-2023-7304)
Vulnerability from cvelistv5
Published
2025-10-15 01:22
Modified
2025-11-21 16:17
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign. Note that the CISA ADP SSVC entry in the record below lists Exploitation as "none" (timestamp 2025-10-15), whereas the CNA container, updated 2025-11-21, carries the x_known-exploited-vulnerability tag; the two should not be read as agreeing on exploitation status.
Impacted products
Vendor: Ruijie Networks Co., Ltd. Product: RG-UAC Version: * (module: nmc_sync.php endpoint)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T19:27:34.499011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T19:27:48.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "nmc_sync.php endpoint"
          ],
          "product": "RG-UAC",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:ruijie:rg-uac:-:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anonymous User on CN-SEC"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the \u0027nmc_sync.php\u0027 interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.\u003cbr\u003e"
            }
          ],
          "value": "Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the \u0027nmc_sync.php\u0027 interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T16:17:56.857Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://cn-sec.com/archives/2284248.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ruijie-rg-uac-nmc-sync-php-command-injection"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "Ruijie RG-UAC nmc_sync.php Command Injection",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-7304",
    "datePublished": "2025-10-15T01:22:10.130Z",
    "dateReserved": "2025-07-24T13:59:10.308Z",
    "dateUpdated": "2025-11-21T16:17:56.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}