Cyber Resilience

CVE-2024-24116

CriticalPublic PoC

Published: 02 October 2024

Published
02 October 2024
Modified
10 February 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8887 99.5th percentile
Risk Priority 73 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24116 is a critical-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Ruijie Rg-Nbs2009G-P Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-24116 is an unauthorized access vulnerability in the Ruijie RG-NBS2009G-P switch running RGOS version 10.4(1)P2 Release(9736). The flaw resides in the system/config_menu.htm endpoint and is assigned a CVSS 3.1 base score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction and full impact on confidentiality, integrity, and availability. The associated CWEs note insufficient permission enforcement.

A remote attacker can send crafted requests directly to the affected endpoint to escalate privileges and obtain administrative control of the device. Successful exploitation grants the attacker the ability to read, modify, or disrupt switch configuration and traffic handling without prior authentication.

Public references consist of a technical disclosure and proof-of-concept repository demonstrating the access bypass; neither source provides vendor patch information or mitigation steps. The EPSS score stands at 0.8887 with no reported rise from a lower baseline.

EU & UK References

Vulnerability details

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing web management interface (config_menu.htm) on a network switch due to incorrect access control, facilitating privilege escalation to server/admin privileges and denial of service via system crash.

Affected Assets

ruijie
rg-nbs2009g-p firmware
10.4\(1\)p2_release\(9736\)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References