Vulnerability Description
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruijienetworks | Reyeeos | <= 1.55.1915_ew_3.0\(1\)b11p55 |
| Ruijienetworks | Rg-Ew1200 | - |
| Ruijienetworks | Rg-Ew1200G Pro | - |
| Ruijienetworks | Rg-Ew1800Gx Pro | - |
| Ruijienetworks | Rg-Ew300 Pro | - |
| Ruijienetworks | Rg-Ew3200Gx Pro | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167099/Ruijie-Reyee-Mesh-Router-Remote-CodeExploitThird Party AdvisoryVDB Entry
- http://ruijie.comNot Applicable
- https://seclists.org/fulldisclosure/2022/May/0Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/167099/Ruijie-Reyee-Mesh-Router-Remote-CodeExploitThird Party AdvisoryVDB Entry
- http://ruijie.comNot Applicable
- https://seclists.org/fulldisclosure/2022/May/0Mailing ListThird Party Advisory
FAQ
What is CVE-2021-43164?
CVE-2021-43164 is a vulnerability with a CVSS score of 8.8 (HIGH). A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless...
How severe is CVE-2021-43164?
CVE-2021-43164 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43164?
Check the references section above for vendor advisories and patch information. Affected products include: Ruijienetworks Reyeeos, Ruijienetworks Rg-Ew1200, Ruijienetworks Rg-Ew1200G Pro, Ruijienetworks Rg-Ew1800Gx Pro, Ruijienetworks Rg-Ew300 Pro.