RCE in Ruijie Networks Co., Ltd. Rg-uac
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, c…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.037 (88.3th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (third-party-advisory)