Cyber Resilience

CVE-2023-27796

High · Public PoC · RCE

Published: 26 March 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1187 (93.9th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27796 is a high-severity command injection (CWE-77) vulnerability in Ruijie Networks RG-EW1800GX PRO firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-27796 affects three Ruijie wireless router models—RG-EW1200G PRO, RG-EW1800GX PRO, and RG-EW3200GX PRO—running firmware EW_3.0(1)B11P204. The routers contain multiple command-injection flaws in the runPackDiagnose function of diagnose.lua, where unsanitized values supplied to the data.ip, data.protocal, data.iface, and data.package parameters are passed directly to operating-system commands.

An authenticated attacker with network access can supply crafted parameter values to execute arbitrary commands on the device. Successful exploitation yields full control over the router, enabling actions such as configuration changes, traffic interception, or use of the device as a pivot point inside the target network. The vulnerability carries a CVSS 3.1 score of 8.8.

Public references consist of GitHub repositories that document the affected parameters and provide proof-of-concept details; no vendor advisory or firmware patch information is included in the available references. The associated EPSS score has remained at 0.1187 with no material increase since disclosure.


Vulnerability details

RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua.

CWE(s)

CWE-77: Command Injection

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Version
ruijienetworks · rg-ew1800gx pro firmware · ew_3.0\(1\)b11p204
ruijienetworks · rg-ew3200gx pro firmware · ew_3.0\(1\)b11p204
ruijienetworks · rg-ew1200g pro firmware · ew_3.0\(1\)b11p204

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
