CVE-2021-43164

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
References
Link Resource
http://packetstormsecurity.com/files/167099/Ruijie-Reyee-Mesh-Router-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://ruijie.com Not Applicable
https://seclists.org/fulldisclosure/2022/May/0 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ruijienetworks:reyeeos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ruijienetworks:rg-ew1200:-:*:*:*:*:*:*:*
cpe:2.3:h:ruijienetworks:rg-ew1200g_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ruijienetworks:rg-ew1800gx_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ruijienetworks:rg-ew300_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ruijienetworks:rg-ew3200gx_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-05-04 01:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-43164

Mitre link : CVE-2021-43164

CVE.ORG link : CVE-2021-43164


JSON object : View

Products Affected

ruijienetworks

  • rg-ew1200g_pro
  • rg-ew3200gx_pro
  • rg-ew1200
  • rg-ew1800gx_pro
  • reyeeos
  • rg-ew300_pro
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')