Ruijie EG Easy Gateway - Remote Command Execution

What is "Ruijie EG Easy Gateway - Remote Command Execution?"

The "Ruijie EG Easy Gateway - Remote Command Execution" module is designed to detect a vulnerability in the Ruijie EG Easy Gateway software. This vulnerability allows for remote command execution, which can lead to the disclosure of administrator account credentials. The severity of this vulnerability is classified as critical.

This module was authored by pikpikcu and pdteam.

Impact

If exploited, the remote command execution vulnerability in Ruijie EG Easy Gateway can have severe consequences. An attacker can gain unauthorized access to the administrator account and potentially compromise the entire system. This can result in unauthorized data access, modification, or even complete system takeover.

How the module works?

The module works by sending a specific HTTP request to the target Ruijie EG Easy Gateway login page. The request is designed to exploit the vulnerability and trigger the remote command execution. The module then analyzes the response to determine if the vulnerability is present.

Here is an example of the HTTP request:

POST /login.php HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

username=admin&password=admin?show+webmaster+user

The module uses several matching conditions to confirm the presence of the vulnerability:

- The response body must contain the following words: "data", "status:1", and "admin". - The response header must contain the word "text/json". - The HTTP status code must be 200.

If all the matching conditions are met, the module reports the vulnerability.