CVE-2024-8166

Summary

CVE-2024-8166 is a critical vulnerability identified in Ruijie EG2000K version 11.1(6)B2, which allows for unrestricted file uploads via the /tool/index.php?c=download&a=save endpoint. This vulnerability can be exploited remotely, potentially enabling attackers to upload dangerous files to the affected system. The vendor has not responded to disclosures regarding this vulnerability, heightening concerns about its exploitation in the wild. To mitigate this risk, organizations using the affected product are advised to implement strict access controls and monitor their systems for unauthorized file uploads. The vulnerability has been assigned a CVSS score of 4.9, indicating a medium severity level with potential impacts on availability and requiring high privileges for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.