Ruijie M18 EW_3.0(1)B11P226_M18_10223116 Vulnerability

HIGH (8.8) No Patch (2 days)
cwe-78aenrichfirmware-vulnerabilityluanetwork-managementruijie

Threat Intelligence

Low Risk
EPSS Score: 0.29% chance of exploitation (percentile: 52%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Ruijie M18 EW_3.0(1)B11P226_M18_10223116 is a Lua-based firmware for Ruijie network devices, used primarily in enterprise environments for network management and configuration. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua, posing a significant risk of unauthorized access and potential lateral movement within the network.

Am I affected?

You're affected if you use OS Command Injection vulnerability. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Ruijie Networks / M18 EW_3.0(1)B11P226_M18_10223116

How to fix

  1. Contact Ruijie directly for a patched firmware version, as there is no public patch link available.
  2. Immediate mitigations:
  3. Restrict network access to your Ruijie device (firewall it from the public internet).
  4. Audit network configuration and logs for suspicious activity.
  5. Monitor for unauthorized changes or commands executed through the vulnerable module.

References