Back to KEVs

CVE-2023-4169

Ruijie RG-EW1200G Administrator Password set_passwd access control

Basic Information

CVE State
PUBLISHED
Reserved Date
August 04, 2023
Published Date
August 05, 2023
Last Updated
August 02, 2024
Vendor
Ruijie
Product
RG-EW1200G
Description
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Ruijie RG-EW1200G 1.0(1)B1P5 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /api/sys/set_passwd der Komponente Administrator Password Handler. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

6.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v3.0

6.3 - MEDIUM

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2.0

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploit Status

Proof of Concept Available
Yes (added 2023-10-16 05:08:06 UTC) Source

References

https://vuldb.com/?id.236185 https://vuldb.com/?ctiid.236185 https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-11-26 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-4169.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415

Type: github • Created: 2023-10-16 05:08:06 UTC • Stars: 26

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel