Ruijie EG Remote Code Execution Scanner

Detects a Remote Code Execution vulnerability in Ruijie EG.

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 9 hours
Scan only one: Domain, IPv4, Subdomain

Ruijie EG is a network device widely used in corporate environments to manage and control network traffic. IT administrators and network engineers deploy Ruijie EG to ensure efficient network management, security, and optimization. The equipment aids in handling bandwidth allocation, user management, and detailed reporting, making it essential in organizations that require stringent network control. Its reliability in performing complex routing and firewall tasks makes it popular across various industries. Ruijie EG integrates several network functions into one platform, providing an easy-to-manage interface that consolidates network operations. These devices are typically deployed in environments that rely heavily on network stability and comprehensive traffic oversight.

A Remote Code Execution (RCE) vulnerability allows attackers to execute arbitrary code on a server and gain control over the affected device. This type of vulnerability can often be exploited by sending crafted requests to exposed interfaces of applications. In the case of Ruijie EG, attackers exploit the cli.php endpoint, leading to compromise without authentication. This vulnerability is critical because it can result in unauthorized administrative access, allowing attackers to manipulate network settings and compromise data integrity. RCE vulnerabilities are particularly dangerous because of the level of access they can grant to malicious actors. This weakness requires immediate attention to preserve network integrity and security.

The RCE vulnerability in Ruijie EG is associated with the cli.php endpoint, which is improperly secured, allowing for unauthenticated execution of commands. When a request is sent to this endpoint with specific payloads, the underlying system executes these commands with high privileges. Attackers leverage the weak authentication mechanism to bypass initial login steps and execute arbitrary commands. This exploit allows for listing files, changing configurations, and gaining administrative control of the device. The vulnerability exists due to inadequate input validation and improper session management within the CLI interface.

Exploiting this vulnerability can lead to a total compromise of the Ruijie EG device, allowing attackers full administrative control. Potential effects include unauthorized configuration changes, network outages, data theft, and further spreading of malware throughout the network. Malicious actors can intercept traffic, alter network policies, or introduce persistent backdoors for continuous access. These actions not only compromise the immediate device but can also extend to network users, leading to broader security incidents. The breach could yield control over all network operations managed by the affected Ruijie EG device, endangering overall network security and reliability.
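For asset owners reviewing their own exposure, the following added example (not part of the scanner or of any Ruijie tooling) scans web access logs for requests to the cli.php endpoint that come from outside the management network. The log format (common/combined, as written by a reverse proxy or upstream gateway), the management subnet, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: networks that are allowed to reach the device's web interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/combined log format: ip - - [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
10.20.0.15 - - [03/Mar/2024:09:12:01 +0000] "GET /index.htm HTTP/1.1" 200 5120
203.0.113.77 - - [03/Mar/2024:09:14:40 +0000] "POST /cli.php?t=1 HTTP/1.1" 200 312
203.0.113.77 - - [03/Mar/2024:09:14:42 +0000] "POST /CLI.PHP HTTP/1.1" 200 298
198.51.100.9 - - [03/Mar/2024:09:20:10 +0000] "GET /%63li.php HTTP/1.1" 404 0
10.20.0.15 - - [03/Mar/2024:09:25:33 +0000] "POST /cli.php HTTP/1.1" 200 150
malformed line without the expected fields
"""

def is_cli_endpoint(target):
    """True if the decoded request path ends in cli.php, ignoring case."""
    path = unquote(urlsplit(target).path).lower()
    return path.rsplit("/", 1)[-1] == "cli.php"

def find_external_cli_requests(log_text, mgmt_nets=MGMT_NETS):
    """Group cli.php requests from outside the management networks by source IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        src, when, method, target, status = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # first field was a hostname or garbage
        if is_cli_endpoint(target) and not any(addr in n for n in mgmt_nets):
            hits[src].append((when, method, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_external_cli_requests(SAMPLE_LOG).items():
        ok = sum(1 for _, _, status in events if status == 200)
        print(f"{src}: {len(events)} cli.php request(s), {ok} answered 200")
```

Any source reported here reached the endpoint from outside the allow-list; a 200 response to such a request is the case to investigate first.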
