CVE-2023-34644

Name: CVE-2023-34644
Creator: NVD / NIST
Published: 2023-07-31T14:15:10.323+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.52%

Last modified Jun 17, 2026

CVE-2023-34644 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.. EPSS estimates a 1.52% chance of exploitation in the next 30 days.

Description

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.52%

71.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Ruijie	Rg-Ew1200r Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew300 Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew3200gx Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew1200g Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew1800gx Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew300r Firmware	3.0\(1\)b11p204
Ruijie	Rg-Ew1200 Firmware	3.0\(1\)b11p204
Ruijie	Rg-Eg3000xe Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg105g Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg305gh-P-E Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg105g-P Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg3230 Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg1000e Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg105g-E Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg105gw\(T\) Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg105gw-X Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg2000ce Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg2100-P Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg209gs Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg310gh-E Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg3000eu Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg210g-P Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg3250 Firmware	3.0\(1\)b11p216
Ruijie	Re-Eg1000m Firmware	3.0\(1\)b11p216
Ruijie	Rg-Eg1000c Firmware	3.0\(1\)b11p216
Ruijie	Rg-Nbs3100-48gt4sfp-P Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-24gt4xs Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-24sfp Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-8gt4xs Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-24gt4xs-P Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-48gt4xs Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3200-48gt4xs-P Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3100-24gt4sfp Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3100-24gt4sfp-P Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3100-8gt2sfp Firmware	3.0\(1\)b11p218
Ruijie	Rg-Nbs3100-8gt2sfp-P Firmware	3.0\(1\)b11p218
Ruijie	Rg-Rap1260 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap2266 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap1261 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap73hd Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap2200\(E\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap6260\(H\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap1200\(P\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap2260\(E\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap6262\(G\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap6262 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap2260 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap6202\(G\) Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap1201 Firmware	ap_3.0\(1\)b11p218
Ruijie	Rg-Rap1200\(F\) Firmware	ap_3.0\(1\)b11p218

Showing 50 of 65 affected configurations. See NVD for the full list.

References

https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/Patch, Vendor Advisory
https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001
https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/Patch, Vendor Advisory
https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001

Timeline

Published: Jul 31, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-34644?

How severe is CVE-2023-34644?

CVE-2023-34644 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.52% probability of exploitation in the next 30 days.

How do I fix CVE-2023-34644?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-34644?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST