RCE in Ruijie Rg-eap101
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.022 (80.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Ruijie Rg-eap101
- Ruijie Rg-eap101_firmware — versions 3.0\(1\)b11p219
- Ruijie Rg-eap101_v2
- Ruijie Rg-eap101_v2_firmware — versions 3.0\(1\)b11p219
- Ruijie Rg-eap102
- Ruijie Rg-eap102\(f\)
- Ruijie Rg-eap102\(f\)_firmware — versions 3.0\(1\)b11p219
- Ruijie Rg-eap102_firmware — versions 3.0\(1\)b11p219
- Ruijie Rg-eap102_v2
- Ruijie Rg-eap102_v2_firmware — versions 3.0\(1\)b11p219
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, Third Party Advisory)
Frequently asked questions
- What is CVE-2023-38902?
- CVE-2023-38902 is a high-severity vulnerability in Ruijie Rg-eap101, classified under Command Injection. CVSS score: 8.8/10. Published 2023-08-17.
- How severe is CVE-2023-38902?
- High severity. CVSS v3 base score is 8.8 out of 10.