CVE-2024-5336 in RG-UAC
Summary
by MITRE • 05/25/2024
A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266242 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 08/22/2025
CVE-2024-5336 is a critical OS command injection flaw in Ruijie RG-UAC network security appliances, affecting versions up to 20240516. The flaw sits in the network configuration module, where the addVlan function in /view/networkConfig/vlan/vlan_add_commit.php handles VLAN creation requests. The phyport parameter of that request is passed into an operating system command without sanitization, so a crafted value lets an attacker run arbitrary commands in the appliance's execution environment. The critical rating reflects two things: the flaw is exploitable remotely over the management web interface, and the injected commands run with whatever privileges the web service has, which on a network appliance is often enough for full device compromise.
The underlying weakness is the classic command injection pattern: untrusted request data flows into an OS command string without sanitization or validation. The analysis maps it to CWE-77 (command injection) and CWE-88 (argument injection); the OS-command-specific child of CWE-77 is CWE-78, which is what the summary's "os command injection" refers to. The phyport argument is the injection point: a value containing shell metacharacters, such as a semicolon or a command substitution, is concatenated into the command and interpreted by the shell as additional commands. Whether this also amounts to privilege escalation depends on the account the web service runs under; if it is already privileged, the attacker controls the device outright and can plant persistent access and pivot into the network the device manages. The summary notes that the exploit has been publicly disclosed, so working exploit code should be assumed to exist (VDB-266242 is VulDB's identifier for the entry, not the exploit itself). Public availability raises the likelihood of broad, opportunistic exploitation of exposed deployments.
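To make the mechanics concrete, here is an added Python illustration. It is not Ruijie's code: the RG-UAC source is not public, and the `ip link` command below is a hypothetical stand-in for whatever vlan_add_commit.php actually runs. It shows how a phyport value carrying a shell separator turns one command into two when the value is interpolated into a shell string, and the two-part hardening the fix would need: an allow-list on the value plus an argv list that never passes through a shell. The accepted port-name pattern is an assumption about the appliance.

```python
"""Command injection via an interpolated parameter, and the hardened form.

Added illustration for CVE-2024-5336, not Ruijie's code. The `ip link`
command is a hypothetical stand-in for the command vlan_add_commit.php runs;
the accepted port-name pattern is an assumption about the appliance.
"""
import re


def build_command_unsafe(phyport: str, vlan_id: str) -> str:
    """Vulnerable pattern: request parameters interpolated into a string that
    is later handed to /bin/sh -c (as PHP's shell_exec()/system() do)."""
    return f"ip link add link {phyport} name vlan{vlan_id} type vlan id {vlan_id}"


def shell_command_count(cmd: str) -> int:
    """Crude model of how sh splits a command line: the separators ';', '|',
    '&' and newline each start a new command. Quoting is ignored, and $(...)
    or backtick substitution would add further commands not counted here."""
    return len([p for p in re.split(r"[;|&\n]+", cmd) if p.strip()])


# Assumed legitimate port-name shape (e.g. "eth1", "Ge0/1"): a letter, then up
# to 31 letters, digits, '/', '.', '_' or '-'. No whitespace, no metacharacters.
PHYPORT_ALLOWED = re.compile(r"[A-Za-z][A-Za-z0-9_./-]{0,31}")


def is_valid_phyport(phyport: str) -> bool:
    """Allow-list check: reject anything that is not a plain port name."""
    return PHYPORT_ALLOWED.fullmatch(phyport) is not None


def build_command_safe(phyport: str, vlan_id: int) -> list:
    """Hardened pattern: validate first, then return an argv list. Executing it
    with subprocess.run(argv) (no shell=True) means no shell parses the value,
    so even a metacharacter that slipped past the allow-list stays one argument."""
    if not is_valid_phyport(phyport):
        raise ValueError(f"rejected phyport value: {phyport!r}")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"vlan id out of range: {vlan_id}")
    return ["ip", "link", "add", "link", phyport, "name", f"vlan{vlan_id}",
            "type", "vlan", "id", str(vlan_id)]


if __name__ == "__main__":
    benign, hostile = "eth0", "eth0; id"          # constructed inputs
    for value in (benign, hostile):
        cmd = build_command_unsafe(value, "100")
        print(f"{value!r:14} -> {shell_command_count(cmd)} command(s): {cmd}")
    print(build_command_safe(benign, 100))
    try:
        build_command_safe(hostile, 100)
    except ValueError as exc:
        print("hardened path:", exc)
```

The two halves of the fix are independent and both matter: the allow-list rejects the hostile value up front, and the argv list removes the shell from the picture so that a validation mistake can no longer become code execution.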
Operationally, the risk is significant because RG-UAC appliances sit in the path of network traffic as access control and network management devices. An attacker who controls one can read and alter network configuration, which opens the door to traffic interception (man-in-the-middle), bypass of network segmentation and, in the worst case, compromise of the wider network. Exploitation is remote and needs no physical access or network proximity, only reachability of the management web interface, so appliances whose management plane is exposed to untrusted networks or the internet are the most at risk. The vendor's failure to respond to the early disclosure compounds the problem: affected organizations have no official patch or mitigation guidance while a public exploit is in circulation.
Organizations running affected appliances should treat them as unpatched, exploitable systems and act accordingly. First, restrict access to the management interface: it should be reachable only from a dedicated management network or through a VPN, never from the internet or general user segments, and unnecessary services on the appliance should be disabled. Second, place a web application firewall or reverse proxy in front of the interface and block requests to /view/networkConfig/vlan/vlan_add_commit.php whose phyport value contains shell metacharacters or otherwise does not look like a port name; because the page is a form commit handler, the parameter may arrive in a POST body, so inspection has to happen where the body is visible rather than in ordinary access logs. Third, monitor for exploitation attempts and for their aftermath (unexpected processes, outbound connections or configuration changes on the appliance). Proper input validation of phyport is the vendor's fix, not something operators can apply, so these controls are compensating measures until a patched build exists. In ATT&CK terms, exploitation maps to T1190 (Exploit Public-Facing Application) followed by T1059 (Command and Scripting Interpreter), most plausibly the T1059.004 Unix Shell sub-technique for an appliance of this kind; T1059.001 is the PowerShell sub-technique and does not fit a PHP management interface, and T1068 (Exploitation for Privilege Escalation) becomes relevant only if the web service runs unprivileged and the attacker needs a second step to gain root. Incident response plans should cover the scenario of a compromised network appliance, and a review of other management interfaces for similar command injection flaws is worthwhile.
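Because no vendor fix exists, the compensating control is to inspect requests in front of the appliance. The following is an added Python example, not vendor code and not a rule from any particular WAF product: a request-classification function that a reverse proxy or WAF hook could call, fed with constructed sample requests rather than captured traffic. It decodes parameters once, as PHP does, and flags a phyport value aimed at the vulnerable path if it contains shell metacharacters or departs from the assumed port-name shape. The path and parameter name come from the advisory; the port-name pattern, the host name and the sample payloads are assumptions made for the illustration.

```python
"""Request-inspection rule for attempts against the CVE-2024-5336 endpoint.

Added example, not vendor code. Intended to run where the request body is
visible (a reverse proxy or WAF in front of an unpatched RG-UAC); the sample
requests are constructed for this illustration, not captured traffic.
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/view/networkConfig/vlan/vlan_add_commit.php"   # from the advisory
VULN_PARAM = "phyport"                                         # from the advisory

# Assumed shape of a legitimate port name; tune to the deployment's naming.
PORT_OK = re.compile(r"[A-Za-z][A-Za-z0-9_./-]{0,31}")

# Constructs that let a value escape its argument under /bin/sh: command
# separators and pipes, backticks, $(...) and ${...} substitution, redirection,
# backslash escapes, and $IFS (a common substitute for a filtered space).
INJECTION_HINTS = re.compile(r"[;&|`\n<>\\]|\$\(|\$\{|\$IFS")


def parse_request(raw: str) -> tuple:
    """Reduce a raw HTTP/1.1 request to (method, path, params).

    Query-string and urlencoded-body parameters are merged, and each is
    percent-decoded exactly once, which is what the PHP handler will see."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _ = head.split("\r\n", 1)[0].split(" ", 2)
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        for name, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    return method.upper(), url.path, params


def classify(raw: str) -> str:
    """Return 'block' for a suspicious phyport aimed at the vulnerable handler."""
    _, path, params = parse_request(raw)
    if path != VULN_PATH:
        return "pass"
    for value in params.get(VULN_PARAM, []):
        if INJECTION_HINTS.search(value) or not PORT_OK.fullmatch(value):
            return "block"
    return "pass"


def _post(body: str) -> str:
    """Build a constructed POST to the vulnerable handler with the given body."""
    return (f"POST {VULN_PATH} HTTP/1.1\r\nHost: uac.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed sample requests (hostile values percent-encoded as a browser or
# exploit script would send them).
SAMPLE_REQUESTS = {
    "benign":     _post("phyport=Ge0%2F1&vlanid=100"),          # phyport=Ge0/1
    "semicolon":  _post("phyport=Ge0%2F1%3Bid&vlanid=100"),     # Ge0/1;id
    "subshell":   _post("phyport=eth0%24%28id%29&vlanid=100"),  # eth0$(id)
    "ifs_get":    (f"GET {VULN_PATH}?phyport=eth0%3Bcat%24IFS%2Fetc%2Fpasswd HTTP/1.1"
                   "\r\nHost: uac.example\r\n\r\n"),            # eth0;cat$IFS/etc/passwd
    "other_page": ("GET /view/index.php?phyport=eth0%3Bid HTTP/1.1"
                   "\r\nHost: uac.example\r\n\r\n"),            # same payload, other path
}


def scan(requests: dict) -> dict:
    """Classify every sample request and return name -> verdict."""
    return {name: classify(raw) for name, raw in requests.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_REQUESTS).items():
        print(f"{name:11} {verdict}")
```

Two caveats for anyone deploying a rule like this. The check deliberately combines a metacharacter denylist with an allow-list on the expected value, because a denylist alone is what attackers are good at evading (the `$IFS` entry exists for exactly that reason) and the allow-list catches what the denylist misses. And it only works where the request body is visible: a standard web server access log records the path and query string but not POST bodies, so hunting in existing logs will only surface attackers who sent phyport in the URL. Reducing exposure of the management interface remains the primary control; this rule is a backstop for the path that must stay reachable.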