CVE-2023-4169 - Critical Vulnerability Discovered in Ruijie RG-EW120G 1.(1)B1P5, Exploiting Administrator Password Handler

Introduction: Security researchers have discovered a critical vulnerability in the Ruijie RG-EW120G 1.(1)B1P5 wireless router that can compromise the security of the entire network. Dubbed CVE-2023-4169, the vulnerability can potentially leave millions of users exposed to cyberattacks. Ruijie Networks, the manufacturer of the router, was informed of this vulnerability, but no response has been received.

Vulnerability Details: The vulnerability in question affects an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. In simple terms, the router can be compromised through improper access controls, making it easier for attackers to gain unauthorized access to the network. This issue has been given the identifier VDB-236185.

The exploit, which can be launched remotely, has been publicly disclosed and can now be used by malicious parties. Due to the severity of the issue, it is essential for users to take prompt action.

Code Snippet: The following code snippet demonstrates the exploit associated with CVE-2023-4169

Request URL: http://<target_ip>/api/sys/set_passwd
Request Method: POST

POST Data:
{
    "old_passwd": "<old_password>",
    "new_passwd": "<new_password>"
}

This code snippet shows how an attacker can remotely send a POST request to the vulnerable endpoint, sending the old and new passwords to change the administrator password of the router.

Original References: For further technical details on CVE-2023-4169, users and administrators can refer to the following resources:

1. CVE Details: This page provides in-depth information on the vulnerability, its impact, and related information from the security community.
2. Exploit-DB: On this website, you can find the full code of the exploit, as well as instructions on reproducing the vulnerability.
3. National Vulnerability Database (NVD): The NVD offers comprehensive details about the vulnerability, including its analysis, available solutions, and affected software.

Recommended Actions: In the absence of a response from Ruijie Networks, users and administrators are advised to consider alternative routers, keeping in mind that the exploit for CVE-2023-4169 has become public knowledge. Additionally, you should monitor your network for any suspicious activity and stay informed about any new developments related to CVE-2023-4169.

Conclusion: The discovery of CVE-2023-4169 highlights the importance of keeping network devices updated and secure. Users and administrators must remain vigilant and follow best security practices. The lack of response from the vendor is unacceptable, and until a fix is released, it is essential to prioritize network security and explore alternative solutions to the vulnerable device.

Timeline

Published on: 08/05/2023 18:15:00 UTC
Last modified on: 08/09/2023 19:24:00 UTC