CVE-2023-3306
Published 2023-06-18
Priority: P184 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 23.06% (97.5th percentile)
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruijie | rg-ew1200g | — | — |
| ruijie | rg-ew1200g_firmware | — | — |
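CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 7.3 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |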
GHSA
GHSA-84f8-vjhf-h3rw: A vulnerability was found in Ruijie RG-EW1200G EW_3
ghsa_unreviewed·2023-06-18
CVE-2023-3306 [HIGH] CWE-284 GHSA-84f8-vjhf-h3rw: A vulnerability was found in Ruijie RG-EW1200G EW_3
VulnCheck
ruijie rg-ew1200g_firmware Improper Access Control
vulncheck·2023·CVSS 7.3
CVE-2023-3306 [HIGH] ruijie rg-ew1200g_firmware Improper Access Control
Affected: ruijie rg-ew1200g_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: htt
Red Hat
mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6
vendor_redhat·2023-09-20·CVSS 7.5
CVE-2023-5157 [HIGH] CWE-400 mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
Package: mariadb (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-06-18
Exploited in the wild