CVE-2023-4415 - Critical Vulnerability Found in Ruijie RG-EW120G 07161417 r483: Improper Authentication and Exploit Details

A critical vulnerability, identified as _CVE-2023-4415_, was recently discovered in Ruijie RG-EW120G 07161417 r483. This issue affects an unknown functionality within the /api/sys/login file, leading to improper authentication. As a result, attackers can exploit this vulnerability remotely. Despite contacting the vendor, there has been no response to this disclosure. This vulnerability has been assigned the identifier VDB-237518.

The vulnerable code snippet in the /api/sys/login file is as follows

function authenticate(username, password) {
  ...
}

Below are the original reference links associated with this vulnerability

1. CVE-2023-4415 - National Vulnerability Database
2. VDB-237518 - Vulnerability Details
3. Ruijie Networks Security Advisory

Exploit Details

The improper authentication vulnerability can be remotely exploited by attackers, allowing them unauthorized access to the system. To do so, the attackers will send a specially crafted request to the /api/sys/login endpoint with a malicious payload designed to exploit this vulnerability.

Example of the exploitation payload

POST /api/sys/login HTTP/1.1
Host: target-ip
Content-Type: application/json

{
  "username": "admin",
  "password": "test'"
}

Upon successful exploitation, the attacker will gain unauthorized access to the affected system, potentially compromising sensitive information and controlling the system.

Vendor Response and Mitigation

The vendor, Ruijie Networks, was contacted early about this vulnerability disclosure but did not respond in any way. As a temporary solution, users of the Ruijie RG-EW120G 07161417 r483 are advised to:

Implement network segmentation to limit the exposure of management interfaces.

2. Restrict access to the /api/sys/login endpoint to only trusted IP addresses and networks.

Conclusion

CVE-2023-4415 is a critical vulnerability affecting the Ruijie RG-EW120G 07161417 r483, which can lead to improper authentication and unauthorized access. The exploit can be launched remotely, posing a significant risk to affected systems. Users are advised to implement the suggested mitigation measures and monitor their systems for any suspicious activity until the vendor releases an official patch or update to address this vulnerability.

Timeline

Published on: 08/18/2023 16:15:00 UTC
Last modified on: 08/24/2023 14:11:00 UTC