Ruijie RG-EW1800GX PRO and RG-YST OS Command Injection Vulnerability

A command injection vulnerability has been identified in the Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 and RG-YST EST/YSTAP_3.0(1)B11P96RG-EST300 V2RG-EST100RG-EST100 Pro DCRG-EST100 Pro POERG-YST230F. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the affected device by sending specially crafted POST requests to the module_set in the file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to the module_set endpoint in /usr/local/lua/dev_sta/nbr_cwmp.lua with a payload that includes the desired command to be executed on the server. This can be done using a tool like curl or Postman, ensuring that the request is authenticated.