CVE-2025-56091
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruijie | rg-ew1800gx | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring for crafted POST requests targeting the module_set in the /usr/local/lua/dev_config/config_retain.lua file on Ruijie RG-EW1800GX devices. Specifically, inspecting HTTP POST traffic for unusual or suspicious payloads aimed at this endpoint may help identify exploitation attempts. Commands such as using tcpdump or Wireshark to capture HTTP POST requests to the device's management interface, or using curl to test sending crafted POST requests to see if arbitrary command execution is possible, can be useful. For example, using curl to send a crafted POST request to the vulnerable endpoint and observing the response can help detect the vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection in the Ruijie RG-EW1800GX device. It allows attackers to execute arbitrary operating system commands by sending a specially crafted POST request to the module_set in the file /usr/local/lua/dev_config/config_retain.lua.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary commands on the affected device, potentially leading to unauthorized control, data theft, disruption of services, or further compromise of the network where the device is deployed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the management interface of the Ruijie RG-EW1800GX device to trusted networks only, applying any available patches or firmware updates from the vendor addressing this vulnerability, and monitoring network traffic for suspicious POST requests targeting the vulnerable module_set endpoint. If patches are not yet available, disabling or restricting the affected functionality or using firewall rules to block malicious POST requests can help reduce risk. [1]