Description
OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.
Published: 2025-12-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 31 Dec 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie rg-nbs5100-24gt4sfp Firmware
CPEs cpe:2.3:o:ruijienetworks:reyee_os:248:*:*:*:*:*:*:* cpe:2.3:o:ruijie:rg-nbs5100-24gt4sfp_firmware:3.0\(1\)b11p248:*:*:*:*:*:*:*
Vendors & Products Ruijienetworks
Ruijienetworks reyee Os
Ruijie rg-nbs5100-24gt4sfp Firmware

Mon, 15 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie rg-s1930 Firmware
CPEs cpe:2.3:h:ruijienetworks:rg-s1930:-:*:*:*:*:*:*:*
cpe:2.3:o:ruijienetworks:rg-s1930_firmware:3.0\(1\)b11p230:*:*:*:*:*:*:*		 cpe:2.3:h:ruijie:rg-s1930:-:*:*:*:*:*:*:*
cpe:2.3:o:ruijie:rg-s1930_firmware:3.0\(1\)b11p230:*:*:*:*:*:*:*
Vendors & Products Ruijienetworks rg-s1930
Ruijienetworks rg-s1930 Firmware
Ruijie rg-s1930 Firmware

Mon, 15 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie rg-nbs5100-24gt4sfp
Ruijienetworks
Ruijienetworks reyee Os
Ruijienetworks rg-s1930
Ruijienetworks rg-s1930 Firmware
CPEs cpe:2.3:h:ruijie:rg-nbs5100-24gt4sfp:-:*:*:*:*:*:*:*
cpe:2.3:h:ruijienetworks:rg-s1930:-:*:*:*:*:*:*:*
cpe:2.3:o:ruijienetworks:reyee_os:248:*:*:*:*:*:*:*
cpe:2.3:o:ruijienetworks:rg-s1930_firmware:3.0\(1\)b11p230:*:*:*:*:*:*:*
Vendors & Products Ruijie rg-nbs5100-24gt4sfp
Ruijienetworks
Ruijienetworks reyee Os
Ruijienetworks rg-s1930
Ruijienetworks rg-s1930 Firmware

Fri, 12 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Dec 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie rg-s1930
Vendors & Products Ruijie
Ruijie rg-s1930

Thu, 11 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.
References

Subscriptions

Ruijie Rg-nbs5100-24gt4sfp Rg-nbs5100-24gt4sfp Firmware Rg-s1930 Rg-s1930 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-12-12T17:35:45.781Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-56130

cve-icon Vulnrichment

Updated: 2025-12-12T17:30:56.832Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-11T19:15:58.133

Modified: 2025-12-31T01:52:19.303

Link: CVE-2025-56130

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-12-12T08:49:29Z

Weaknesses