Ruijie RG-UAC online.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Ruijie Networks RG-UAC 操作系统命令注入漏洞

Ruijie Networks RG-UAC是中国锐捷网络（Ruijie Networks）公司的一个上网行为管理与审计产品。用于解决互联网审计问题。 Ruijie Networks RG-UAC 存在操作系统命令注入漏洞，该漏洞源于/view/vpn/autovpn/online.php 中存在未知函数，通过参数 peernode 导致操作系统命令注入。

N/A

N/A