漏洞描述
锐捷网管系统是由北京锐捷数据时代科技有限公司开发的新一代基于云的网络管理软件,以“数据时代创新网管与信息安全”为口号,定位于终端安全、IT运营及企业服务化管理统一解决方案。Ruijie-EWEB 网管系统 flwo.control.php 中的 type 参数存在命令执行漏洞,攻击者可利用该漏洞执行任意命令。
Ruijie-EWEB 网管系统 flwo.control.php 文件 type 参数任意命令执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-4169: Ruijie RG-EW1200G Router - Password Reset
- POC CVE-2023-4415: Ruijie RG-EW1200G Router Background - Login Bypass
- POC CVE-2024-24116: Ruijie RG-NBS2009G-P - Improper Authentication
- POC CNVD-2021-14536: Ruijie RG-UAC Information Disclosure
- POC CNVD-2021-27648: Ruijie RG-UAC Information Leakage Vulnerability
- POC ruijie-eg-password-leak: Ruijie EG Information Disaclosure
- POC ruijie-smartweb-password-disclosure: Ruijie smartweb password information disclosure
- POC CNVD-2020-56167: Ruijie Smartweb - Default Password
- POC CNVD-2021-09650: Ruijie Networks-EWEB Network Management System - Remote Code Execution
- POC CNVD-2021-14536: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
- POC CNVD-2021-17369: Ruijie Smartweb Management System Password Information Disclosure
- POC ruijie-nbr-default-login: Ruijie NBR Series Routers - Default Login
- POC ruijie-nbr1300g-exposure: Ruijie NBR1300G Cli Password Leak - Detect