CVE-2025-10774
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-09-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10774
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruijie 6000-e10 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Ruijie 6000-E10 system, specifically in the /view/vpn/autovpn/sub_commit.php script. When the HTTP POST parameter 'action' is set to 'delete', the 'key' parameter is passed directly to the system() function without proper sanitization. This allows an attacker to inject arbitrary operating system commands remotely, leading to command execution on the server with high privileges. [1]


How can this vulnerability impact me? :

An attacker can exploit this vulnerability to execute arbitrary commands on the affected server remotely. This can lead to full compromise of the server, including unauthorized access, data theft, service disruption, or further attacks within the network. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint and observing if arbitrary commands are executed. For example, you can test by sending a POST request to /view/vpn/autovpn/sub_commit.php with the body 'action=delete&key=|whoami||'. If the server executes the 'whoami' command and returns the output, it is vulnerable. A sample curl command to test this is: curl -k -X POST https://<target-ip>:4430/view/vpn/autovpn/sub_commit.php -d 'action=delete&key=|whoami||' [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable endpoint to trusted users only, applying network-level controls such as firewall rules to limit access, and monitoring for suspicious POST requests to /view/vpn/autovpn/sub_commit.php with the 'action=delete' parameter. Since no vendor patch or response is available, consider isolating the affected system until a fix is released or implementing web application firewall (WAF) rules to block malicious payloads targeting the 'key' parameter. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart