Ruijie Networks RG-EST300 Undocumented SSH Functionality Vulnerability
Vulnerability
A vulnerability exists in the RG-EST300 model of Ruijie Networks' EST series, specifically in the AP_3.0(1)B2P10 and AP_3.0(1)B2P18 versions. The issue arises from an undocumented SSH server feature that is enabled by default. This hidden functionality allows anyone with the appropriate credentials to log into the device via SSH. Once logged in, a user could disclose sensitive information, modify system configurations, or create a denial-of-service condition.
Impact
Exploitation of this vulnerability could lead to unauthorized access via SSH, allowing for information disclosure, unauthorized changes to system configurations, or the creation of a denial-of-service condition on the affected device.
Remediation
Users are advised to stop using the RG-EST300 model, as it is no longer supported. It is recommended to switch to a supported alternative. For more information, consult the product life cycle policy on the Ruijie Networks website.
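To act on the advice above you first have to find the affected units. The following is an added example, not code from Ruijie or from this advisory: it walks an asset inventory, picks out RG-EST300 devices, marks whether their firmware is one of the two listed versions, and checks whether an SSH server answers. The inventory layout, the sample records, and the use of TCP port 22 are assumptions.

```python
import socket

MODEL = "RG-EST300"                                      # from the advisory
LISTED_FIRMWARE = {"AP_3.0(1)B2P10", "AP_3.0(1)B2P18"}   # from the advisory

# Constructed sample inventory (hypothetical records, TEST-NET addresses).
SAMPLE_INVENTORY = [
    {"host": "192.0.2.10", "model": "RG-EST300", "firmware": "AP_3.0(1)B2P18"},
    {"host": "192.0.2.11", "model": "RG-EST300", "firmware": "AP_3.0(1)B2P99"},
    {"host": "192.0.2.20", "model": "OTHER-AP", "firmware": "1.0"},
]

def parse_ident(data):
    """Return the SSH identification string (RFC 4253, 4.2) from raw bytes, else None."""
    for line in data.split(b"\n")[:-1]:           # complete lines only
        if line.startswith(b"SSH-"):              # a server may send other lines first
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None

def ssh_banner(host, port=22, timeout=3.0):
    """Connect and read the identification string; None if no SSH server answers.
    Port 22 is an assumption: the advisory does not name the port."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(buf) < 4096:
                chunk = s.recv(256)
                if not chunk:
                    break
                buf += chunk
                ident = parse_ident(buf)
                if ident:
                    return ident
    except OSError:                               # refused, unreachable, timed out
        pass
    return None

def audit(inventory, probe=ssh_banner):
    """One finding per RG-EST300 in the inventory; other models are skipped."""
    findings = []
    for dev in inventory:
        if dev["model"] != MODEL:
            continue
        findings.append({
            "host": dev["host"],
            "firmware_listed": dev["firmware"] in LISTED_FIRMWARE,
            "ssh_banner": probe(dev["host"]),
        })
    return findings
```

Call `audit()` with an export of your own inventory. Every RG-EST300 it returns is a replacement candidate, and a non-empty `ssh_banner` shows the SSH service is reachable from where the check ran.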
