CVE-2024-28288

CRITICAL
Published Mar 30, 2024 Modified Jun 30, 2025 CWE-565

Description

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-565 CWE-565

Affected Products

Vendor Product
ruijie rg-nbr700gw_firmware
ruijie rg-nbr700gw

References

Frequently Asked Questions

What is CVE-2024-28288? +
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2024-28288? +
CVE-2024-28288 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-28288? +
CVE-2024-28288 affects products from ruijie, specifically: rg-nbr700gw, rg-nbr700gw_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-28288? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-28288 — free, no signup required.

Start Free Scan