CVE-2023-38902

8.8

HIGH

Netgear Command Injection Vulnerability

Description

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

INFO

Published Date :

Aug. 17, 2023, 1:15 p.m.

Last Modified :

Aug. 23, 2023, 4:55 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.8

Affected Products

The following products are affected by CVE-2023-38902 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Ruijie	rg-ew1200r_firmware
2	Ruijie	rg-ew300r_firmware
3	Ruijie	rg-ew1200_firmware
4	Ruijie	rg-eg105g-e_firmware
5	Ruijie	rg-eg210g-p_firmware
6	Ruijie	rg-nbs3200-24gt4xs-p_firmware
7	Ruijie	rg-nbs3200-48gt4xs_firmware
8	Ruijie	rg-nbs3200-48gt4xs-p_firmware
9	Ruijie	rg-nbs3100-24gt4sfp_firmware
10	Ruijie	rg-nbs3100-24gt4sfp-p_firmware
11	Ruijie	rg-nbs3100-8gt2sfp_firmware
12	Ruijie	rg-nbs3100-8gt2sfp-p_firmware
13	Ruijie	rg-rap2200\(e\)_firmware
14	Ruijie	rg-rap2260\(e\)_firmware
15	Ruijie	rg-rap1200\(f\)_firmware
16	Ruijie	rg-rap2200\(f\)_firmware
17	Ruijie	rg-rap6260\(g\)_firmware
18	Ruijie	rg-rap2260\(g\)_firmware
19	Ruijie	rg-nbc256_firmware
20	Ruijie	rg-nbc512_firmware
21	Ruijie	rg-s1930-24gt4sfp_firmware
22	Ruijie	rg-s1930-24t4sfp-p_firmware
23	Ruijie	rg-s1930-8gt2sfp_firmware
24	Ruijie	rg-s1930-8gt2sfp-p_firmware
25	Ruijie	rg-s1930-8t2sfp-p_firmware
26	Ruijie	rg-s1930-24t4sfp_firmware
27	Ruijie	rg-ew1200g_pro_firmware
28	Ruijie	rg-ew1300g_firmware
29	Ruijie	rg-ew1800gx_pro_firmware
30	Ruijie	rg-ew3000gx_pro_firmware
31	Ruijie	rg-ew300_pro_firmware
32	Ruijie	rg-ew3200gx_pro_firmware
33	Ruijie	rg-nb3200-24gt4xs_firmware
34	Ruijie	rg-nbs1850gc_firmware
35	Ruijie	rg-nbs1850gc_v2_firmware
36	Ruijie	rg-nbs2000_firmware
37	Ruijie	rg-nbs2009g-p_firmware
38	Ruijie	rg-nbs200_firmware
39	Ruijie	rg-nbs2026g-p_firmware
40	Ruijie	rg-nbs2026g_firmware
41	Ruijie	rg-nbs226f_firmware
42	Ruijie	rg-nbs228f_firmware
43	Ruijie	rg-nbs252f_firmware
44	Ruijie	rg-nbs3100-24gt4sfp-p_v2_firmware
45	Ruijie	rg-nbs3100-48gt4sfp_firmware
46	Ruijie	rg-nbs3200-24sfp\/8gt4xs_firmware
47	Ruijie	rg-nbs5100-24gt4sfp_firmware
48	Ruijie	rg-nbs5100-48gt4sfp_firmware
49	Ruijie	rg-nbs5200-24gt4x_firmware
50	Ruijie	rg-nbs5200-24sfp\/8gt4xs_firmware
51	Ruijie	rg-nbs5200-48gt4xs_firmware
52	Ruijie	rg-nbs5300-48mg6xs_firmware
53	Ruijie	rg-nbs5528xg_firmware
54	Ruijie	rg-nbs5552xg_firmware
55	Ruijie	rg-nbs5552xg_v2.0_firmware
56	Ruijie	rg-nbs5628xg_firmware
57	Ruijie	rg-nbs5652xg_firmware
58	Ruijie	rg-nbs5710-24gt4sfp-e-p_firmware
59	Ruijie	rg-nbs5710-24gt4sfp-e_firmware
60	Ruijie	rg-nbs5710-48gt4sfp-e_firmware
61	Ruijie	rg-nbs5750-28gt4xs-e_firmware
62	Ruijie	rg-nbs5750v2-24gt4xs-e_firmware
63	Ruijie	rg-nbs5750v2-24sfp4xs-e_firmware
64	Ruijie	rg-nbs5750v2-48gt4xs-e_firmware
65	Ruijie	rg-nbs5816xs_firmware
66	Ruijie	rg-nbs6002_firmware
67	Ruijie	rg-nbs6100-20xs4vs2qxs-s_firmware
68	Ruijie	rg-nbs7003_firmware
69	Ruijie	rg-nbs7006_firmware
70	Ruijie	rg-eg210g-pe_firmware
71	Ruijie	rg-eg210g-e_firmware
72	Ruijie	rg-eg105g-pe_firmware
73	Ruijie	rg-eg105g_v2_firmware
74	Ruijie	rg-rap1260\(g\)_firmware
75	Ruijie	rg-rap1200\(e\)_firmware
76	Ruijie	rg-rap120v2_firmware
77	Ruijie	rg-rap100_firmware
78	Ruijie	rg-rap120_firmware
79	Ruijie	rg-rap2200\(g\)_firmware
80	Ruijie	rg-eap101_v2_firmware
81	Ruijie	rg-eap102_v2_firmware
82	Ruijie	rg-eap162\(g\)_firmware
83	Ruijie	rg-eap102\(f\)_firmware
84	Ruijie	rg-eap102_firmware
85	Ruijie	rg-eap101_firmware
86	Ruijie	rg-rap630ioda_firmware
87	Ruijie	rg-rap630cd_firmware
88	Ruijie	rg-rap6261\(e\)_firmware
89	Ruijie	rg-rap6261\(cd\)_firmware
90	Ruijie	rg-eap262\(g\)_firmware
91	Ruijie	rg-eap212\(g\)_firmware
92	Ruijie	rg-eap212\(f\)_firmware
93	Ruijie	rg-eap202_firmware
94	Ruijie	rg-eap201_firmware
95	Ruijie	rg-eap602_firmware
96	Ruijie	rg-eap662\(g\)_firmware

: Total Affected Vendor : 1 | Products : 96

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-38902.

URL	Resource
https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37	Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-38902 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-38902 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

Initial Analysis by [email protected]

Aug. 23, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37 No Types Assigned	https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37 Exploit, Third Party Advisory
Added	CWE		NIST CWE-77
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200g_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200g_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1200r_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1200r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1300g_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1300g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew1800gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew1800gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew3000gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew3000gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew300_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew300_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew300r_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew300r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-ew3200gx_pro_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-ew3200gx_pro:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nb3200-24gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nb3200-24gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs1850gc_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs1850gc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs1850gc_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs1850gc_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2000_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2009g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs200_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2026g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2026g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs2026g_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs2026g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs226f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs226f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs228f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs228f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs252f_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs252f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp-p_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp-p_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-48gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-48gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3100-8gt2sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3100-8gt2sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-24gt4xs-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-24gt4xs-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-24sfp\/8gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-24sfp\/8gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs3200-48gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs3200-48gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5100-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5100-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5100-48gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5100-48gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-24gt4x_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-24gt4x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-24sfp\/8gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-24sfp\/8gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5200-48gt4xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5200-48gt4xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5300-48mg6xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5300-48mg6xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5528xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5528xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5552xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5552xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5552xg_v2.0_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5552xg_v2.0:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5628xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5628xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5652xg_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5652xg:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-24gt4sfp-e-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-24gt4sfp-e-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-24gt4sfp-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-24gt4sfp-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5710-48gt4sfp-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5710-48gt4sfp-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750-28gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750-28gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-24gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-24gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-24sfp4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-24sfp4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5750v2-48gt4xs-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5750v2-48gt4xs-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs5816xs_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs5816xs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs6002_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs6002:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs6100-20xs4vs2qxs-s_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs6100-20xs4vs2qxs-s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs7003_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs7003:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbs7006_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbs7006:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24gt4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24gt4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24t4sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-24t4sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-24t4sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8gt2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8gt2sfp_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8gt2sfp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-s1930-8t2sfp-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-s1930-8t2sfp-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-pe_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-pe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g-pe_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g-pe:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g-e_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg105g_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg105g_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eg210g-p_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eg210g-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1200\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1200\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap1200\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap1200\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap120v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap120v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap100_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap120_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap120:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2260\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2260\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2260\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2260\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap2200\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap2200\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap101_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap101_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102_v2_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102_v2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap162\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap162\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap102_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap102:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap101_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap101:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap630ioda_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap630ioda:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap630cd_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap630cd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6261\(e\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6261\(e\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-rap6261\(cd\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-rap6261\(cd\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap262\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap262\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap212\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap212\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap212\(f\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap212\(f\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap202_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap202:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap201_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap201:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap602_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap602:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-eap662\(g\)_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-eap662\(g\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbc256_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbc256:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:ruijie:rg-nbc512_firmware:3.0\(1\)b11p219::::::: OR cpe:2.3:h:ruijie:rg-nbc512:-:::::::*

CVE Modified by [email protected]

Aug. 18, 2023

Action	Type	Old Value	New Value
Removed	Reference	http://rg-ew.com [No Types Assigned]
Removed	Reference	http://ruijie.com [No Types Assigned]

CVE Modified by [email protected]

Aug. 18, 2023

Action	Type	Old Value	New Value
Changed	Description	An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38.	A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-38902 is associated with the following CWEs:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-38902 weaknesses.

CAPEC-15: Command Delimiters Command Delimiters CAPEC-40: Manipulating Writeable Terminal Devices Manipulating Writeable Terminal Devices CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-75: Manipulating Writeable Configuration Files Manipulating Writeable Configuration Files CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-136: LDAP Injection LDAP Injection CAPEC-183: IMAP/SMTP Command Injection IMAP/SMTP Command Injection CAPEC-248: Command Injection Command Injection

CVE-2023-38902

Netgear Command Injection Vulnerability

Description

INFO

Aug. 17, 2023, 1:15 p.m.

Aug. 23, 2023, 4:55 p.m.

[email protected]

Yes !

5.9

2.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.10 }} 0.03%

0.41876

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable