VYPR
Vendor

Ruijie Networks

Products
48
CVEs
126
Across products
116
Status
Private

Products

48
View all 48 products →

Recent CVEs

126
View all 126 CVEs →
  • CVE-2023-7330CriNov 24, 2025
    risk 0.61cvss epss 0.01

    Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation…

  • CVE-2023-7304CriOct 15, 2025
    risk 0.61cvss epss 0.04

    Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute…

  • CVE-2020-36870CriNov 7, 2025
    risk 0.60cvss epss 0.01

    Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest…

  • CVE-2024-32394HigApr 22, 2024
    risk 0.58cvss 8.8epss 0.13

    An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.

  • CVE-2024-31616HigApr 23, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.

  • CVE-2020-37015HigJan 29, 2026
    risk 0.49cvss 7.5epss 0.01

    The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../'…

  • CVE-2026-12197HigJun 15, 2026
    risk 0.47cvss 7.2epss 0.02

    A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection.…

  • CVE-2026-23699HigJan 22, 2026
    risk 0.47cvss 7.2epss 0.02

    AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.

  • CVE-2025-68459HigDec 18, 2025
    risk 0.47cvss 7.2epss 0.01

    RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

  • CVE-2025-58778HigOct 16, 2025
    risk 0.47cvss 7.2epss 0.01

    Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to…

  • CVE-2024-51027MedNov 13, 2024
    risk 0.42cvss 6.5epss 0.07

    Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.

  • CVE-2025-11141MedSep 29, 2025
    risk 0.31cvss 4.7epss 0.04

    A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of the argument city results in os command injection. The attack is possible to be…

  • CVE-2025-10774MedSep 22, 2025
    risk 0.31cvss 4.7epss 0.04

    A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2025-9424MedAug 25, 2025
    risk 0.31cvss 4.7epss 0.18

    A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed…

  • CVE-2025-8763LowAug 9, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mod…

  • CVE-2024-24116Oct 2, 2024
    risk 0.07cvss epss 0.24

    An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

  • CVE-2023-4415Aug 18, 2023
    risk 0.07cvss epss 0.56

    A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has…

  • CVE-2023-4169Aug 5, 2023
    risk 0.07cvss epss 0.47

    A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access…

  • CVE-2023-3450Jun 28, 2023
    risk 0.05cvss epss 0.50

    A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2023-3306Jun 18, 2023
    risk 0.05cvss epss 0.23

    A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The…