CVE-2024-24117 in RG-NBS2009G-P
Summary
by MITRE • 10/03/2024
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/08/2025
The CVE-2024-24117 vulnerability represents a critical insecure permissions flaw within the Ruijie RG-NBS2009G-P network security appliance running RGOS version 10.4(1)P2 Release (9736). This vulnerability specifically targets the login check state component, which serves as a fundamental authentication mechanism for the device's administrative interface. The flaw allows remote attackers to escalate privileges without proper authentication, fundamentally undermining the security model of the network appliance. The vulnerability exists due to improper access control implementation where the system fails to adequately validate user credentials during the authentication process, creating a pathway for unauthorized privilege elevation.
The technical exploitation of this vulnerability stems from a weakness in the authentication state management system within the RGOS operating environment. Attackers can manipulate the login check state component to bypass normal authentication procedures, potentially gaining administrative access to the device. This type of vulnerability falls under the CWE-284 category, which specifically addresses improper access control mechanisms, and aligns with ATT&CK technique T1078 for valid accounts and privilege escalation. The vulnerability's remote exploitability means that attackers do not require physical access or local network presence to leverage the flaw, making it particularly dangerous in network environments where such devices are exposed to external threats.
The operational impact of CVE-2024-24117 extends beyond simple unauthorized access, as it provides attackers with full administrative control over the affected network security appliance. This level of access enables threat actors to modify firewall rules, alter network configurations, redirect traffic, and potentially establish persistent backdoors within the network infrastructure. The compromised device can then serve as a pivot point for lateral movement attacks against other network segments, while the attacker maintains the ability to monitor and manipulate network traffic. Organizations relying on Ruijie RG-NBS2009G-P appliances for network security face significant risk of data breaches, service disruption, and potential compromise of their entire network infrastructure.
Mitigation strategies for this vulnerability should prioritize immediate firmware updates from Ruijie to address the insecure permissions flaw in the login check state component. Network administrators must implement network segmentation to limit exposure of these devices to untrusted networks and establish robust monitoring for unauthorized access attempts. Additional protective measures include implementing strong network access controls, disabling unnecessary services, and conducting regular security audits of network infrastructure devices. Organizations should also consider deploying intrusion detection systems to monitor for suspicious authentication patterns and establish incident response procedures specifically addressing privilege escalation vulnerabilities. The vulnerability's classification under CWE-284 and ATT&CK T1078 emphasizes the need for comprehensive access control reviews and privileged account management practices to prevent exploitation of similar authentication bypass flaws in network security infrastructure.