CVE-2024-5340 in RG-UAC
Summary
by MITRE • 05/26/2024
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 08/22/2025
CVE-2024-5340 is a critical command injection flaw in Ruijie RG-UAC version 20240516 and earlier, and a significant security risk to network infrastructure deployments. The flaw is in the file /view/vpn/autovpn/sub_commit.php, where improper input validation lets an attacker manipulate the key argument to execute arbitrary operating system commands. It is classified as critical because it is remotely exploitable and a public exploit has already been disclosed, making it immediately actionable by threat actors. The attack requires no local access or authentication, because the flaw sits in a web-accessible endpoint that processes user-supplied parameters without adequate sanitization or validation.
The technical exploitation of this vulnerability occurs through the manipulation of the key argument within the sub_commit.php file, which serves as an entry point for operating system command injection attacks. When an attacker submits malicious input through this parameter, the application fails to properly sanitize or escape the input before processing, allowing crafted commands to be executed with the privileges of the web application user. This type of vulnerability falls under CWE-77, which specifically addresses command injection flaws where user-controllable data is directly incorporated into operating system commands. The attack can be executed entirely through web-based interfaces without requiring any specialized tools beyond standard network reconnaissance and exploitation frameworks. The lack of response from the vendor despite early notification indicates a potential gap in the security disclosure process and suggests that organizations may be operating with limited vendor support for this critical vulnerability.
The operational impact of this vulnerability extends beyond simple unauthorized command execution, as it provides attackers with potential access to underlying network infrastructure and sensitive system information. An attacker could leverage this vulnerability to establish persistent access, escalate privileges, or conduct further reconnaissance within the network environment. The implications are particularly severe for organizations relying on Ruijie RG-UAC for network access control, as successful exploitation could lead to complete compromise of the authentication and authorization mechanisms. This vulnerability aligns with ATT&CK technique T1059.001 for command and scripting interpreter, specifically focusing on the execution of operating system commands through web interfaces. Organizations utilizing this software should consider the vulnerability as a high-priority threat requiring immediate remediation.
Mitigation strategies for CVE-2024-5340 should prioritize immediate patching of affected Ruijie RG-UAC devices with vendor-provided security updates. Organizations unable to patch immediately should implement network segmentation and access controls to limit exposure of the vulnerable web interface to untrusted networks. The implementation of web application firewalls and input validation controls can provide additional defense-in-depth measures. Security monitoring should include detection of suspicious parameter values and command execution patterns within network logs. Regular vulnerability assessments and penetration testing should be conducted to identify similar flaws in other network infrastructure components. The absence of vendor response to early disclosure highlights the importance of maintaining independent security research and awareness of potential supply chain vulnerabilities. Organizations should also consider implementing network access control lists and restricting administrative access to only necessary personnel and systems to minimize potential impact from successful exploitation attempts.
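Added example, not part of the VulDB entry or any vendor tooling: one way to implement the log monitoring recommended above, flagging requests to the affected file whose key argument contains shell metacharacters. It assumes combined-format access logs in which key is visible in the query string (the page does not state the HTTP method); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter name are taken from the advisory text.
ENDPOINT = "/view/vpn/autovpn/sub_commit.php"
PARAM = "key"
# Shell separator, substitution and redirection characters. The page does not say
# what a legitimate key looks like, so this set is an assumption to tune locally.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\r\\]")
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_key(line):
    """Return the decoded key value if the line is a request to ENDPOINT whose
    key argument contains shell metacharacters, otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if unquote(url.path) != ENDPOINT:
        return None
    # parse_qs percent-decodes once; keep_blank_values keeps an empty "key=".
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        decoded = unquote(value)  # second pass catches double-encoded values
        if SHELL_META.search(decoded):
            return decoded
    return None

def scan(lines):
    """Yield (line_number, source_ip, key_value) for each suspicious request."""
    for n, line in enumerate(lines, 1):
        value = suspicious_key(line)
        if value is not None:
            yield n, line.split(" ", 1)[0], value

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2024:10:00:01 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=abc123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2024:10:00:05 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=abc%3BPLACEHOLDER HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jun/2024:10:00:09 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=%60PLACEHOLDER%60 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jun/2024:10:00:12 +0000] "GET /view/vpn/autovpn/sub_commit.php?key=x%257CPLACEHOLDER HTTP/1.1" 200 0',
    '203.0.113.4 - - [01/Jun/2024:10:01:00 +0000] "GET /index.php?key=a%3Bb HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

If the device receives key in a request body instead, access logs will not contain it and the same check has to run where bodies are visible, such as a WAF or reverse proxy.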