CVE-2023-7304
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-11-21
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruijie | rg-uac_application_management_gateway | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-7304 is a critical command injection vulnerability in the Ruijie RG-UAC Application Management Gateway via the 'nmc_sync.php' interface. An unauthenticated attacker who can access this endpoint can inject arbitrary shell commands through crafted request data, causing the application to execute these commands on the host system. This can lead to full control over the application process and potentially system-level access depending on the privileges of the service running the application. [1, 2]
How can this vulnerability impact me?
This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the affected system, potentially gaining full control over the RG-UAC gateway. Exploitation can lead to system-level access, enabling attackers to compromise confidentiality, integrity, and availability of the system. It poses a critical security risk as attackers can establish reverse shells and fully compromise the device. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted GET requests to the vulnerable endpoint `/view/systemConfig/management/nmc_sync.php` with parameters such as `center_ip` and `template_path` containing injected shell commands. For example, a command like `whoami > test.txt` can be injected to verify command execution by checking if the file `test.txt` is created and contains the output. Monitoring for unusual requests to this endpoint or unexpected file creations can help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable `nmc_sync.php` endpoint to trusted users or networks only, applying any available patches or updates from the vendor, and monitoring network traffic for suspicious requests targeting this endpoint. Additionally, implementing network-level protections such as firewalls or intrusion detection systems to block or alert on exploitation attempts can reduce risk. [1, 2]
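The monitoring suggested in the detection and mitigation answers above can be done offline over web access logs. The following is an added example, not code from the vendor or from this page's sources: it flags every request to the `nmc_sync.php` endpoint and raises the severity when `center_ip` or `template_path` carries shell metacharacters. The combined-log-format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/view/systemConfig/management/nmc_sync.php"  # endpoint named in the advisory
WATCHED_PARAMS = ("center_ip", "template_path")           # parameters named in the advisory
# Characters the shell treats specially; none belongs in an IP address or plain path.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")
# Assumed combined-log-format request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None for unrelated lines, else a dict with source, severity and reasons."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != ENDPOINT.lower():
        return None
    # parse_qs percent-decodes values, so encoded metacharacters are seen as well.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            hit = SHELL_META.search(value)
            if hit:
                reasons.append(f"{name} contains shell metacharacter {hit.group()!r}")
    # Any hit on this endpoint deserves review; metacharacters make it high severity.
    severity = "high" if reasons else "review"
    return {"src": m.group("src"), "severity": severity, "reasons": reasons}

def scan(lines):
    """Classify each log line and keep only those that touch the endpoint."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Nov/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [21/Nov/2025:10:00:05 +0000] "GET /view/systemConfig/management/'
    'nmc_sync.php?center_ip=192.0.2.1&template_path=tpl HTTP/1.1" 200 87',
    '203.0.113.9 - - [21/Nov/2025:10:00:09 +0000] "GET /view/systemConfig/management/'
    'nmc_sync.php?center_ip=192.0.2.1&template_path=whoami%20%3E%20test.txt HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for result in scan(SAMPLE_LOG):
        print(result)
```

The scan only inspects the query string, so it covers the GET requests described above; request bodies are not present in standard access logs.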