CVE-2025-56129


Summary

CVE-2025-56129 is a high-severity OS Command Injection vulnerability affecting Ruijie RG-BCR RG-BCR860 routers. Successful exploitation allows attackers to execute arbitrary commands on the underlying operating system via a crafted POST request.

This vulnerability poses a significant risk to organizations using the affected Ruijie routers, potentially leading to complete system compromise and data breaches.

Technical Details

CVE-2025-56129 is an OS Command Injection vulnerability located in the /usr/lib/lua/luci/controller/admin/diagnosis.lua file of the Ruijie RG-BCR RG-BCR860 firmware. The action_diagnosis function within this file is susceptible to command injection due to insufficient input validation. An attacker can inject malicious operating system commands into a POST request parameter, which are then executed by the router's operating system with elevated privileges.

The vulnerability arises because the action_diagnosis function directly incorporates user-supplied input into a system call without proper sanitization or escaping. This allows an attacker to bypass security measures and execute arbitrary commands, potentially gaining full control of the device.

The attack vector involves sending a specially crafted POST request to the vulnerable endpoint. The request must contain a parameter that is used within the action_diagnosis function to construct the system command. By injecting shell metacharacters or commands into this parameter, the attacker can manipulate the resulting command and execute arbitrary code.

Affected Products and Versions

  • Ruijie RG-BCR RG-BCR860 routers running vulnerable firmware versions.

Impact Assessment

Successful exploitation of CVE-2025-56129 can have severe consequences, including:

  • Complete System Compromise: Attackers can gain full control of the affected router.
  • Data Breach: Sensitive data stored on the router or transmitted through it can be accessed and exfiltrated.
  • Network Disruption: Attackers can disrupt network services by modifying router configurations or launching denial-of-service attacks.
  • Malware Installation: The router can be used as a platform to install malware and spread it to other devices on the network.
  • Botnet Recruitment: The compromised router can be recruited into a botnet and used for malicious activities.

Remediation

Immediate Actions

  • Apply the Security Patch: Upgrade the Ruijie RG-BCR RG-BCR860 router firmware to the latest version provided by Ruijie, which includes a fix for CVE-2025-56129.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity, such as unusual outbound connections or attempts to access the vulnerable endpoint.
  • Restrict Access: Limit access to the router's management interface to authorized personnel only.

Long-term Solutions

  • Implement Input Validation: Ensure that all user-supplied input is properly validated and sanitized before being used in system calls.
  • Regular Security Audits: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.
  • Keep Firmware Updated: Regularly update the router firmware to the latest version to benefit from security patches and bug fixes.
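The input-validation recommendation above is the fix for the class of bug described in this advisory. The following is an added example, not the router's LuCI code and not Ruijie's patch: it shows, in Python rather than the controller's Lua, the unsafe pattern the advisory describes (user input concatenated into a shell command string) beside a hardened form that allow-lists the parameter as an IP literal or RFC 1123 hostname and then executes the command as an argv list with no shell. The parameter name `target` and the ping-style diagnostic are assumptions for illustration.

```python
import ipaddress
import re
import subprocess
from typing import List

# Added example: generic hardening pattern for a "ping this host" diagnostic.
# Assumption: the action takes one parameter, "target", naming the host.

# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, no leading or
# trailing hyphen, whole name at most 253 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL})(?:\.{_LABEL})*\.?$")


def unsafe_command_string(target: str) -> str:
    """The vulnerable pattern: the raw parameter lands inside a string that a
    shell will parse, so ';', '|', '&', '$(...)' and backticks all become
    command syntax. Shown only to contrast with build_argv(); never execute."""
    return f"ping -c 4 {target}"


def is_valid_target(value: str) -> bool:
    """Allow-list check: accept only an IP literal or a syntactic hostname.

    Anything else (whitespace, quotes, ';', '|', '&', '$', backticks, newlines,
    a leading '-') is rejected outright instead of being escaped.
    """
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.fullmatch(value) is not None


def build_argv(target: str, count: int = 4) -> List[str]:
    """Build the command as an argv list. Because no shell is involved, a
    metacharacter in the argument is passed to ping verbatim, never parsed."""
    if not is_valid_target(target):
        raise ValueError("invalid diagnostic target")
    if not 1 <= count <= 10:
        raise ValueError("count out of range")
    # A valid target can never start with '-', so it cannot be read as an option.
    return ["ping", "-c", str(count), target]


def run_diagnosis(target: str, count: int = 4, timeout: float = 30.0) -> str:
    """Execute the validated command without a shell and return its output."""
    argv = build_argv(target, count)
    completed = subprocess.run(
        argv, shell=False, capture_output=True, text=True,
        timeout=timeout, check=False,
    )
    return completed.stdout + completed.stderr


if __name__ == "__main__":
    for candidate in ("192.0.2.10", "router.example.net", "192.0.2.10;id", "-n"):
        print(f"{candidate!r:24} valid={is_valid_target(candidate)}")
```

The two defences are independent: the allow-list rejects anything that is not a host, and the argv form means that even a validation slip cannot reach a shell. Escaping the input for a shell (the alternative the advisory's "sanitization or escaping" hints at) is the weaker choice, since it has to anticipate every quoting rule of the shell that ends up interpreting the string.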

Detection & Scanning

This vulnerability can be detected by analyzing network traffic for suspicious POST requests to the endpoint handled by the diagnosis.lua controller (/usr/lib/lua/luci/controller/admin/diagnosis.lua is the controller's location on the router's filesystem, not the URL path a client requests). Look for requests containing shell metacharacters or commands in the request parameters; because the injected input travels in the POST body, the body must be visible to the inspection point, which ordinary access logs that record only the request line do not provide. Vulnerability scanners can also be used to identify vulnerable Ruijie RG-BCR RG-BCR860 routers.
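The following is an added example of the request-level detection just described; it is not from the advisory or from any vendor tooling. It parses a raw HTTP request, URL-decodes the query string and form body, and reports any parameter carrying shell metacharacters when the request is aimed at the diagnosis route. Two assumptions are labelled in the code: the HTTP route is matched only on the substring "diagnosis", since the advisory gives the Lua file path rather than the URL, and the sample requests (including the /cgi-bin/luci/admin/diagnosis path and the `target` parameter) are constructed for the demonstration.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters and constructs that have no place in a diagnostic
# parameter whose legitimate values are hostnames or IP literals.
_SUSPICIOUS = re.compile(r"[;&|`$<>\n\r]")

# Assumption: the dispatched URL for the controller contains "diagnosis".
# The advisory gives only the Lua file path, not the HTTP route.
_ROUTE_HINT = "diagnosis"


def parse_http_request(raw: str) -> Dict[str, object]:
    """Minimal parser for one raw HTTP/1.x request: request line, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def extract_params(req: Dict[str, object]) -> Dict[str, List[str]]:
    """Collect decoded parameters from the query string and, for a form POST,
    from the body. parse_qs undoes percent-encoding, so '%3B' is seen as ';'."""
    params = parse_qs(urlsplit(req["target"]).query, keep_blank_values=True)
    ctype = req["headers"].get("content-type", "")
    if req["method"] == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        for name, values in parse_qs(req["body"], keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    return params


def find_injection_indicators(raw: str) -> List[str]:
    """Return 'name=value' findings for a request that targets the diagnosis
    route and carries shell metacharacters in any decoded parameter."""
    req = parse_http_request(raw)
    if _ROUTE_HINT not in urlsplit(req["target"]).path.lower():
        return []
    findings = []
    for name, values in extract_params(req).items():
        for value in values:
            if _SUSPICIOUS.search(value):
                findings.append(f"{name}={value!r}")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = (
    "POST /cgi-bin/luci/admin/diagnosis HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "target=192.0.2.10&count=4"
)
SUSPICIOUS_REQUEST = (
    "POST /cgi-bin/luci/admin/diagnosis HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "target=192.0.2.10%3Bid&count=4"
)
OTHER_ROUTE_REQUEST = (
    "POST /cgi-bin/luci/admin/status HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "note=a%3Bb"
)

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_REQUEST), ("suspicious", SUSPICIOUS_REQUEST)):
        print(label, find_injection_indicators(raw))
```

Decoding before matching is the part most often skipped: a signature that looks for a literal ';' in the raw body misses `%3B`, while this check sees the decoded value the controller itself would see. The metacharacter list is deliberately broad for a parameter that should only ever hold a host; on a route with richer legitimate input it would generate false positives and would need to be paired with the positive allow-list the Remediation section recommends.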

Scan Your Website

Secably AI Scanner can detect this and 50+ other vulnerabilities automatically.

Start Free Scan
