Cyber Resilience

CVE-2024-28288

Critical

Published: 30 March 2024

Modified: 30 June 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (28.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-28288 is a critical-severity Reliance on Cookies without Validation and Integrity Checking (CWE-565) vulnerability in Ruijie RG-NBR700GW firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks at the 28.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: ruijie
Product: rg-nbr700gw firmware
Version: 10.3(4b12)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
