CVE-2023-38902
published 2023-08-17

CVE-2023-38902: A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219…

Priority: P2 65 | high | 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.19% (80.2th percentile)
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Affected

89 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruijie | rg-eap101_firmware | | |
| ruijie | rg-eap101_v2_firmware | | |
| ruijie | rg-eap102_firmware | | |
| ruijie | rg-eap102_v2_firmware | | |
| ruijie | rg-eap162_firmware | | |
| ruijie | rg-eap201_firmware | | |
| ruijie | rg-eap202_firmware | | |
| ruijie | rg-eap212_firmware | | |
| ruijie | rg-eap262_firmware | | |
| ruijie | rg-eap602_firmware | | |
| ruijie | rg-eap662_firmware | | |
| ruijie | rg-eg105g-e_firmware | | |
| ruijie | rg-eg105g-pe_firmware | | |
| ruijie | rg-eg105g_v2_firmware | | |
| ruijie | rg-eg210g-e_firmware | | |
| ruijie | rg-eg210g-p_firmware | | |
| ruijie | rg-eg210g-pe_firmware | | |
| ruijie | rg-ew1200_firmware | | |
| ruijie | rg-ew1200g_pro_firmware | | |
| ruijie | rg-ew1200r_firmware | | |
| ruijie | rg-ew1300g_firmware | | |
| ruijie | rg-ew1800gx_pro_firmware | | |
| ruijie | rg-ew3000gx_pro_firmware | | |
| ruijie | rg-ew300_pro_firmware | | |
| ruijie | rg-ew300r_firmware | | |