CVE-2023-4169
published 2023-08-05CVE-2023-4169: A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the…
PriorityP186high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
47.11%
98.7th percentile
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruijie | rg-ew1200g | — | — |
| ruijie | rg-ew1200g_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
otherapp.2fe6356cdd1ddd0eb8d6317d1a48d379.css
commandPOST /api/sys/set_passwd {"username":"web","admin_new":"<password>"}
- →Look for unauthenticated POST requests to /api/sys/set_passwd with a JSON body containing 'username' and 'admin_new' fields — this is the exploit payload for the password reset vulnerability.
- →A successful exploit returns HTTP 200 with a JSON body containing '"result":"ok"' and Content-Type application/json — use this as a confirmation matcher.
- →Identify Ruijie RG-EW1200G devices exposed on the internet by searching for the fingerprint CSS asset 'app.2fe6356cdd1ddd0eb8d6317d1a48d379.css' in HTTP response bodies (Shodan/FOFA).
- ·The vulnerability affects specifically firmware version 1.0(1)B1P5 of the Ruijie RG-EW1200G; other firmware versions may not be vulnerable. ↗
- ·The Nuclei template is marked 'intrusive' because exploitation actively resets the administrator password to a random value, which is destructive to the target device's configuration.
- ·The exploit requires only low-privilege (PR:L) authentication per CVSS scoring, meaning a logged-in non-admin user can trigger the password reset — not fully unauthenticated.
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vulncheck6.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4mvq-g24w-q4w9: A vulnerability was found in Ruijie RG-EW1200G 1
ghsa_unreviewed·2023-08-05
CVE-2023-4169 [MEDIUM] CWE-284 GHSA-4mvq-g24w-q4w9: A vulnerability was found in Ruijie RG-EW1200G 1
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
VulnCheck
Ruijie RG-EW1200G 1.0(1)B1P5 Access Control Vulnerability
vulncheck·2023·CVSS 6.3
CVE-2023-4169 [MEDIUM] Ruijie RG-EW1200G 1.0(1)B1P5 Access Control Vulnerability
Ruijie RG-EW1200G 1.0(1)B1P5 Access Control Vulnerability
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected: ruijie rg-ew1200g_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploita
No detection rules found.
Nuclei
Ruijie RG-EW1200G Router - Password Reset
nuclei·CVSS 8.8
CVE-2023-4169 [HIGH] Ruijie RG-EW1200G Router - Password Reset
Ruijie RG-EW1200G Router - Password Reset
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.
Template:
id: CVE-2023-4169
info:
name: Ruijie RG-EW1200G Router - Password Reset
author: DhiyaneshDK
severity: high
description: |
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can
No writeups or analysis indexed.
2023-08-05
Published
Exploited in the wild