CVE-2024-4503

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published May 5, 2024

Updated: Jun 4, 2024

CWE ID 863

Summary

CVE-2024-4503 is a critical vulnerability affecting Ruijie RG-UAC versions up to 20240428. An unknown functionality in the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php contains a vulnerability that allows for os command injection. Manipulation of the argument interface_from can be exploited remotely, putting affected systems at risk. The exploit for this vulnerability (VDB-263107) has been made public, increasing the threat level. Despite early disclosure, the vendor has not responded to efforts to address the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

AWS Cloud Development Kit

Affected Vendors

Amazon Web Services

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/x9SZaZ
https://www.cve.org/CVERecord?id=CVE-2024-4503
https://nvd.nist.gov/vuln/detail/CVE-2024-4503

Back to Vulnerability Database