CVE-2023-38902

Name: CVE-2023-38902
Creator: NVD / NIST
Published: 2023-08-17T13:15:11.347+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 2.19%

Last modified Jun 17, 2026

CVE-2023-38902 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.. EPSS estimates a 2.19% chance of exploitation in the next 30 days.

Description

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.19%

80.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-77

Affected Software

Vendor	Product	Versions
Ruijie	Rg-Ew1200 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew1200g Pro Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew1200r Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew1300g Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew1800gx Pro Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew3000gx Pro Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew300 Pro Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew300r Firmware	3.0\(1\)b11p219
Ruijie	Rg-Ew3200gx Pro Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nb3200-24gt4xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs1850gc Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs1850gc V2 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs2000 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs2009g-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs200 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs2026g-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs2026g Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs226f Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs228f Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs252f Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-24gt4sfp-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-24gt4sfp-P V2 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-24gt4sfp Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-48gt4sfp Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-8gt2sfp-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3100-8gt2sfp Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3200-24gt4xs-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3200-24sfp\/8gt4xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3200-48gt4xs-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs3200-48gt4xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5100-24gt4sfp Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5100-48gt4sfp Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5200-24gt4x Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5200-24sfp\/8gt4xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5200-48gt4xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5300-48mg6xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5528xg Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5552xg Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5552xg V2.0 Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5628xg Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5652xg Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5710-24gt4sfp-E-P Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5710-24gt4sfp-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5710-48gt4sfp-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5750-28gt4xs-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5750v2-24gt4xs-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5750v2-24sfp4xs-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5750v2-48gt4xs-E Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs5816xs Firmware	3.0\(1\)b11p219
Ruijie	Rg-Nbs6002 Firmware	3.0\(1\)b11p219

Showing 50 of 96 affected configurations. See NVD for the full list.

References

https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37Exploit, Third Party Advisory
https://gist.github.com/ZIKH26/18693c67ee7d2f8d2c60231b19194c37Exploit, Third Party Advisory

Timeline

Published: Aug 17, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-38902?

How severe is CVE-2023-38902?

CVE-2023-38902 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.19% probability of exploitation in the next 30 days.

How do I fix CVE-2023-38902?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-38902?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST