Vulnerability Description
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruijie | Rg-Nbr700Gw Firmware | 10.3\(4b12\) |
| Ruijie | Rg-Nbr700Gw | - |
Related Weaknesses (CWE)
References
- https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfeBroken Link
- https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1Broken Link
- https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfeBroken Link
- https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1Broken Link
FAQ
What is CVE-2024-28288?
CVE-2024-28288 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in...
How severe is CVE-2024-28288?
CVE-2024-28288 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-28288?
Check the references section above for vendor advisories and patch information. Affected products include: Ruijie Rg-Nbr700Gw Firmware, Ruijie Rg-Nbr700Gw.