CVE-2023-38902

8.8

HIGH

Netgear Command Injection Vulnerability

Description

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

INFO

Published Date :

Aug. 17, 2023, 1:15 p.m.

Last Modified :

Nov. 21, 2024, 8:14 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.8

Affected Products

The following products are affected by CVE-2023-38902 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Ruijie	rg-ew1200r_firmware
2	Ruijie	rg-ew300r_firmware
3	Ruijie	rg-ew1200_firmware
4	Ruijie	rg-eg105g-e_firmware
5	Ruijie	rg-eg210g-p_firmware
6	Ruijie	rg-nbs3200-24gt4xs-p_firmware
7	Ruijie	rg-nbs3200-48gt4xs_firmware
8	Ruijie	rg-nbs3200-48gt4xs-p_firmware
9	Ruijie	rg-nbs3100-24gt4sfp_firmware
10	Ruijie	rg-nbs3100-24gt4sfp-p_firmware
11	Ruijie	rg-nbs3100-8gt2sfp_firmware
12	Ruijie	rg-nbs3100-8gt2sfp-p_firmware
13	Ruijie	rg-rap2200\(e\)_firmware
14	Ruijie	rg-rap2260\(e\)_firmware
15	Ruijie	rg-rap1200\(f\)_firmware
16	Ruijie	rg-rap2200\(f\)_firmware
17	Ruijie	rg-rap6260\(g\)_firmware
18	Ruijie	rg-rap2260\(g\)_firmware
19	Ruijie	rg-nbc256_firmware
20	Ruijie	rg-nbc512_firmware
21	Ruijie	rg-s1930-24gt4sfp_firmware
22	Ruijie	rg-s1930-24t4sfp-p_firmware
23	Ruijie	rg-s1930-8gt2sfp_firmware
24	Ruijie	rg-s1930-8gt2sfp-p_firmware
25	Ruijie	rg-s1930-8t2sfp-p_firmware
26	Ruijie	rg-s1930-24t4sfp_firmware
27	Ruijie	rg-ew1200g_pro_firmware
28	Ruijie	rg-ew1300g_firmware
29	Ruijie	rg-ew1800gx_pro_firmware
30	Ruijie	rg-ew3000gx_pro_firmware
31	Ruijie	rg-ew300_pro_firmware
32	Ruijie	rg-ew3200gx_pro_firmware
33	Ruijie	rg-nb3200-24gt4xs_firmware
34	Ruijie	rg-nbs1850gc_firmware
35	Ruijie	rg-nbs1850gc_v2_firmware
36	Ruijie	rg-nbs2000_firmware
37	Ruijie	rg-nbs2009g-p_firmware
38	Ruijie	rg-nbs200_firmware
39	Ruijie	rg-nbs2026g-p_firmware
40	Ruijie	rg-nbs2026g_firmware
41	Ruijie	rg-nbs226f_firmware
42	Ruijie	rg-nbs228f_firmware
43	Ruijie	rg-nbs252f_firmware
44	Ruijie	rg-nbs3100-24gt4sfp-p_v2_firmware
45	Ruijie	rg-nbs3100-48gt4sfp_firmware
46	Ruijie	rg-nbs3200-24sfp\/8gt4xs_firmware
47	Ruijie	rg-nbs5100-24gt4sfp_firmware
48	Ruijie	rg-nbs5100-48gt4sfp_firmware
49	Ruijie	rg-nbs5200-24gt4x_firmware
50	Ruijie	rg-nbs5200-24sfp\/8gt4xs_firmware
51	Ruijie	rg-nbs5200-48gt4xs_firmware
52	Ruijie	rg-nbs5300-48mg6xs_firmware
53	Ruijie	rg-nbs5528xg_firmware
54	Ruijie	rg-nbs5552xg_firmware
55	Ruijie	rg-nbs5552xg_v2.0_firmware
56	Ruijie	rg-nbs5628xg_firmware
57	Ruijie	rg-nbs5652xg_firmware
58	Ruijie	rg-nbs5710-24gt4sfp-e-p_firmware
59	Ruijie	rg-nbs5710-24gt4sfp-e_firmware
60	Ruijie	rg-nbs5710-48gt4sfp-e_firmware
61	Ruijie	rg-nbs5750-28gt4xs-e_firmware
62	Ruijie	rg-nbs5750v2-24gt4xs-e_firmware
63	Ruijie	rg-nbs5750v2-24sfp4xs-e_firmware
64	Ruijie	rg-nbs5750v2-48gt4xs-e_firmware
65	Ruijie	rg-nbs5816xs_firmware
66	Ruijie	rg-nbs6002_firmware
67	Ruijie	rg-nbs6100-20xs4vs2qxs-s_firmware
68	Ruijie	rg-nbs7003_firmware
69	Ruijie	rg-nbs7006_firmware
70	Ruijie	rg-eg210g-pe_firmware
71	Ruijie	rg-eg210g-e_firmware
72	Ruijie	rg-eg105g-pe_firmware
73	Ruijie	rg-eg105g_v2_firmware
74	Ruijie	rg-rap1260\(g\)_firmware
75	Ruijie	rg-rap1200\(e\)_firmware
76	Ruijie	rg-rap120v2_firmware
77	Ruijie	rg-rap100_firmware
78	Ruijie	rg-rap120_firmware
79	Ruijie	rg-rap2200\(g\)_firmware
80	Ruijie	rg-eap101_v2_firmware
81	Ruijie	rg-eap102_v2_firmware
82	Ruijie	rg-eap162\(g\)_firmware
83	Ruijie	rg-eap102\(f\)_firmware
84	Ruijie	rg-eap102_firmware
85	Ruijie	rg-eap101_firmware
86	Ruijie	rg-rap630ioda_firmware
87	Ruijie	rg-rap630cd_firmware
88	Ruijie	rg-rap6261\(e\)_firmware
89	Ruijie	rg-rap6261\(cd\)_firmware
90	Ruijie	rg-eap262\(g\)_firmware
91	Ruijie	rg-eap212\(g\)_firmware
92	Ruijie	rg-eap212\(f\)_firmware
93	Ruijie	rg-eap202_firmware
94	Ruijie	rg-eap201_firmware
95	Ruijie	rg-eap602_firmware
96	Ruijie	rg-eap662\(g\)_firmware
97	Ruijie	rg-ew1200r
98	Ruijie	rg-ew300r
99	Ruijie	rg-ew1200
100	Ruijie	rg-eg105g-e
101	Ruijie	rg-eg210g-p
102	Ruijie	rg-nbs3200-24gt4xs-p
103	Ruijie	rg-nbs3200-48gt4xs
104	Ruijie	rg-nbs3200-48gt4xs-p
105	Ruijie	rg-nbs3100-24gt4sfp
106	Ruijie	rg-nbs3100-24gt4sfp-p
107	Ruijie	rg-nbs3100-8gt2sfp
108	Ruijie	rg-nbs3100-8gt2sfp-p
109	Ruijie	rg-rap2200\(e\)
110	Ruijie	rg-rap2260\(e\)
111	Ruijie	rg-rap1200\(f\)
112	Ruijie	rg-rap2200\(f\)
113	Ruijie	rg-rap6260\(g\)
114	Ruijie	rg-rap2260\(g\)
115	Ruijie	rg-nbc256
116	Ruijie	rg-nbc512
117	Ruijie	rg-s1930-24gt4sfp
118	Ruijie	rg-s1930-24t4sfp-p
119	Ruijie	rg-s1930-8gt2sfp
120	Ruijie	rg-s1930-8gt2sfp-p
121	Ruijie	rg-s1930-8t2sfp-p
122	Ruijie	rg-s1930-24t4sfp
123	Ruijie	rg-nbs2009g-p
124	Ruijie	rg-ew1200g_pro
125	Ruijie	rg-ew1300g
126	Ruijie	rg-ew1800gx_pro
127	Ruijie	rg-ew3000gx_pro
128	Ruijie	rg-ew300_pro
129	Ruijie	rg-ew3200gx_pro
130	Ruijie	rg-nb3200-24gt4xs
131	Ruijie	rg-nbs1850gc
132	Ruijie	rg-nbs1850gc_v2
133	Ruijie	rg-nbs2000
134	Ruijie	rg-nbs200
135	Ruijie	rg-nbs2026g-p
136	Ruijie	rg-nbs2026g
137	Ruijie	rg-nbs226f
138	Ruijie	rg-nbs228f
139	Ruijie	rg-nbs252f
140	Ruijie	rg-nbs3100-24gt4sfp-p_v2
141	Ruijie	rg-nbs3100-48gt4sfp
142	Ruijie	rg-nbs3200-24sfp\/8gt4xs
143	Ruijie	rg-nbs5100-24gt4sfp
144	Ruijie	rg-nbs5100-48gt4sfp
145	Ruijie	rg-nbs5200-24gt4x
146	Ruijie	rg-nbs5200-24sfp\/8gt4xs
147	Ruijie	rg-nbs5200-48gt4xs
148	Ruijie	rg-nbs5300-48mg6xs
149	Ruijie	rg-nbs5528xg
150	Ruijie	rg-nbs5552xg
151	Ruijie	rg-nbs5552xg_v2.0
152	Ruijie	rg-nbs5628xg
153	Ruijie	rg-nbs5652xg
154	Ruijie	rg-nbs5710-24gt4sfp-e-p
155	Ruijie	rg-nbs5710-24gt4sfp-e
156	Ruijie	rg-nbs5710-48gt4sfp-e
157	Ruijie	rg-nbs5750-28gt4xs-e
158	Ruijie	rg-nbs5750v2-24gt4xs-e
159	Ruijie	rg-nbs5750v2-24sfp4xs-e
160	Ruijie	rg-nbs5750v2-48gt4xs-e
161	Ruijie	rg-nbs5816xs
162	Ruijie	rg-nbs6002
163	Ruijie	rg-nbs6100-20xs4vs2qxs-s
164	Ruijie	rg-nbs7003
165	Ruijie	rg-nbs7006
166	Ruijie	rg-eg210g-pe
167	Ruijie	rg-eg210g-e
168	Ruijie	rg-eg105g-pe
169	Ruijie	rg-eg105g_v2
170	Ruijie	rg-rap1260\(g\)
171	Ruijie	rg-rap1200\(e\)
172	Ruijie	rg-rap120v2
173	Ruijie	rg-rap100
174	Ruijie	rg-rap120
175	Ruijie	rg-rap2200\(g\)
176	Ruijie	rg-eap101_v2
177	Ruijie	rg-eap102_v2
178	Ruijie	rg-eap162\(g\)
179	Ruijie	rg-eap102\(f\)
180	Ruijie	rg-eap102
181	Ruijie	rg-eap101
182	Ruijie	rg-rap630ioda
183	Ruijie	rg-rap630cd
184	Ruijie	rg-rap6261\(e\)
185	Ruijie	rg-rap6261\(cd\)
186	Ruijie	rg-eap262\(g\)
187	Ruijie	rg-eap212\(g\)
188	Ruijie	rg-eap212\(f\)
189	Ruijie	rg-eap202
190	Ruijie	rg-eap201
191	Ruijie	rg-eap602
192	Ruijie	rg-eap662\(g\)

: Total Affected Vendor : 1 | Products : 192

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-38902.

URL	Resource
https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37	Exploit Third Party Advisory
https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37	Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-38902 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-38902 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

Initial Analysis by [email protected]

Aug. 23, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37 No Types Assigned	https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37 Exploit, Third Party Advisory
Added	CWE		NIST CWE-77
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200g_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200g_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200r_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1300g_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1300g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1800gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1800gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew3000gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew3000gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew300_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew300_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew300r_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew300r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew3200gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew3200gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nb3200-24gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nb3200-24gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs1850gc_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs1850gc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs1850gc_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs1850gc_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2000_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2009g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs200_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2026g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2026g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2026g_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2026g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs226f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs226f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs228f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs228f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs252f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs252f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp-p_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp-p_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-48gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-48gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-24gt4xs-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-24gt4xs-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-24sfp\/8gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-24sfp\/8gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5100-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5100-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5100-48gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5100-48gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-24gt4x_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-24gt4x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-24sfp\/8gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-24sfp\/8gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-48gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-48gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5300-48mg6xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5300-48mg6xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5528xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5528xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5552xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5552xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5552xg_v2.0_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5552xg_v2.0:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5628xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5628xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5652xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5652xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-24gt4sfp-e-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-24gt4sfp-e-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-24gt4sfp-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-24gt4sfp-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-48gt4sfp-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-48gt4sfp-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750-28gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750-28gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-24gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-24gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-24sfp4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-24sfp4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-48gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-48gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5816xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5816xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs6002_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs6002:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs6100-20xs4vs2qxs-s_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs6100-20xs4vs2qxs-s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs7003_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs7003:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs7006_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs7006:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24t4sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24t4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8gt2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8gt2sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8t2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8t2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-pe_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-pe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g-pe_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g-pe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1200\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1200\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1200\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1200\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap120v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap120v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap100_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap120_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap120:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2260\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2260\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap101_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap101_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap162\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap162\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap101_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap101:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap630ioda_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap630ioda:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap630cd_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap630cd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6261\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6261\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6261\(cd\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6261\(cd\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap262\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap262\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap212\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap212\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap212\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap212\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap202_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap202:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap201_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap201:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap602_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap602:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap662\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap662\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbc256_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbc256:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbc512_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbc512:-:::::::*

CVE Modified by [email protected]

Aug. 18, 2023

Action	Type	Old Value	New Value
Removed	Reference	http://rg-ew.com [No Types Assigned]
Removed	Reference	http://ruijie.com [No Types Assigned]

CVE Modified by [email protected]

Aug. 18, 2023

Action	Type	Old Value	New Value
Changed	Description	An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38.	A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-38902 is associated with the following CWEs:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-38902 weaknesses.

CAPEC-15: Command Delimiters Command Delimiters CAPEC-40: Manipulating Writeable Terminal Devices Manipulating Writeable Terminal Devices CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-75: Manipulating Writeable Configuration Files Manipulating Writeable Configuration Files CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-136: LDAP Injection LDAP Injection CAPEC-183: IMAP/SMTP Command Injection IMAP/SMTP Command Injection CAPEC-248: Command Injection Command Injection

CVE-2023-38902

Netgear Command Injection Vulnerability

Description

INFO

Aug. 17, 2023, 1:15 p.m.

Nov. 21, 2024, 8:14 a.m.

[email protected]

Yes !

5.9

2.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.11 }} 0.01%

0.45040

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable