CVE-2023-48849 in Ruijieinfo

Summary

by MITRE • 12/06/2023

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 03/02/2026

The vulnerability identified as CVE-2023-48849 affects Ruijie EG Series Routers running firmware versions EG_3.0(1)B11P216 and earlier, representing a critical security flaw that enables remote code execution without authentication. This vulnerability stems from improper input validation and filtering mechanisms within the router's web interface and administrative services, creating an exploitable entry point for malicious actors. The affected devices are widely deployed in enterprise and organizational networks, making this vulnerability particularly concerning from a cybersecurity perspective.

The technical root cause of this vulnerability lies in the insufficient sanitization of user inputs within the router's management interface, specifically in the handling of parameters passed to internal system commands. This improper filtering allows attackers to inject malicious payloads that bypass authentication mechanisms and execute arbitrary code on the affected devices. The flaw operates at the application layer, where web-based administrative interfaces fail to properly validate or escape user-supplied data before processing. According to CWE classification, this vulnerability maps to CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'), which is a well-documented weakness in software security practices. The vulnerability's exploitation pathway aligns with ATT&CK technique T1219: Remote Access Software, as it allows unauthorized remote access and control of network infrastructure devices.

The operational impact of CVE-2023-48849 extends beyond simple unauthorized access, as successful exploitation can lead to complete network compromise and persistent backdoor access. Attackers can leverage this vulnerability to gain root-level privileges on the affected routers, enabling them to modify network configurations, redirect traffic, establish persistent access points, and potentially use the compromised devices as launch points for further attacks within the network. The unauthenticated nature of the vulnerability means that no credentials are required for exploitation, making it particularly dangerous in environments where network devices are not properly secured or monitored. Organizations with multiple affected routers face the risk of widespread network disruption, data exfiltration, and potential lateral movement throughout their infrastructure.

Mitigation strategies for CVE-2023-48849 should prioritize immediate firmware updates from Ruijie to address the underlying filtering vulnerabilities. Network administrators should implement network segmentation and access controls to limit exposure of affected devices to untrusted networks, while also monitoring for suspicious network traffic patterns that might indicate exploitation attempts. The implementation of web application firewalls and intrusion detection systems can help detect and block exploitation attempts targeting this vulnerability. Additionally, organizations should conduct comprehensive network audits to identify all affected devices and ensure that administrative interfaces are not directly exposed to the internet. Regular vulnerability assessments and penetration testing should be performed to identify similar filtering issues in other network infrastructure components, aligning with industry best practices for maintaining network security posture.

Reservation

11/20/2023

Disclosure

12/06/2023

Moderation

accepted

CPE

ready

EPSS

0.01290

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!