How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for crafted POST requests targeting the module_set in the /usr/local/lua/dev_config/config_retain.lua file on Ruijie RG-EW1200 devices. Network detection can involve inspecting HTTP POST traffic for unusual or suspicious payloads directed at this endpoint. On the device, checking logs for unexpected command executions or unusual activity related to the config_retain.lua module may help. Specific commands are not provided in the available resources. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

An attacker exploiting this vulnerability could execute arbitrary commands on the affected device, potentially gaining unauthorized control, disrupting device functionality, or accessing sensitive information.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

This vulnerability is an OS Command Injection in the Ruijie RG-EW1200 device. It allows attackers to execute arbitrary operating system commands by sending a specially crafted POST request to the module_set in the file /usr/local/lua/dev_config/config_retain.lua.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the affected device's management interfaces to trusted networks only, applying any available patches or firmware updates from Ruijie addressing this vulnerability, and monitoring for suspicious POST requests to the module_set endpoint. If patches are not yet available, consider disabling or restricting the vulnerable functionality if possible. [1]

Useful 0 Not Useful 0