Cyber Resilience

CVE-2024-32394

High

Published: 22 April 2024

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1184 (93.9th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-32394 is a high-severity vulnerability of an unspecified weakness class. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-32394 is an unauthenticated remote code execution vulnerability affecting Ruijie RG-RSR10-01G-T(WA)-S routers running firmware version RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910. The flaw permits an attacker to supply a crafted HTTP request that results in arbitrary code execution on the device.

The CVSS 8.8 vector shows an adjacent-network attack with no required credentials or user interaction, enabling an attacker on the same network segment to achieve full compromise of confidentiality, integrity, and availability. Successful exploitation grants the attacker the ability to run arbitrary commands on the router.

The associated EPSS score stands at 0.1184 with no material rise from a lower baseline. Public references consist of technical gist postings that demonstrate the issue but contain no vendor advisory or patch information.

Vulnerability details

An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
