CVE-2024-28288 - Vulnerability Details - OpenCVE

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Ruijie	Rg-nbr700gw Rg-nbr700gw Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\(4b12\):*:*:*:*:*:*:*

cpe:2.3:h:ruijie:rg-nbr700gw:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md
https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1

History

Mon, 30 Jun 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ruijie rg-nbr700gw
CPEs		cpe:2.3:h:ruijie:rg-nbr700gw:-:::::::*
Vendors & Products		Ruijie rg-nbr700gw

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ruijie Ruijie rg-nbr700gw Firmware
Weaknesses		CWE-565
CPEs		cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\(4b12\):::::::*
Vendors & Products		Ruijie Ruijie rg-nbr700gw Firmware
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-30T00:00:00

Updated: 2024-11-04T14:13:51.015Z

Reserved: 2024-03-08T00:00:00

Link: CVE-2024-28288

Vulnrichment

Updated: 2024-08-02T00:48:49.675Z

NVD

Status : Analyzed

Published: 2024-03-30T01:15:47.003

Modified: 2025-06-30T12:47:33.457

Link: CVE-2024-28288

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28288", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-04T14:13:51.015Z", "dateReserved": "2024-03-08T00:00:00", "datePublished": "2024-03-30T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-30T00:16:32.445126"}, "descriptions": [{"lang": "en", "value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"}, {"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-565", "lang": "en", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"}]}], "affected": [{"vendor": "ruijie", "product": "rg-nbr700gw_firmware", "cpes": ["cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.3\\(4b12\\)", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-04T14:13:44.580378Z", "id": "CVE-2024-28288", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T14:13:51.015Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.675Z"}, "title": "CVE Program Container", "references": [{"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1", "tags": ["x_transferred"]}, {"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1", "tags": ["x_transferred"]}, {"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.675Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-04T14:13:44.580378Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*"], "vendor": "ruijie", "product": "rg-nbr700gw_firmware", "versions": [{"status": "affected", "version": "10.3\\(4b12\\)"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:20.608Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"}, {"url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"}], "descriptions": [{"lang": "en", "value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-30T00:16:32.445126"}}}, "cveMetadata": {"cveId": "CVE-2024-28288", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:13:51.015Z", "dateReserved": "2024-03-08T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-30T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ruijie:rg-nbr700gw_firmware:10.3\\(4b12\\):*:*:*:*:*:*:*", "matchCriteriaId": "53A3205D-70B8-40F5-B8E4-080665EC0B08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ruijie:rg-nbr700gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "99A76E27-A85D-4C40-AAA4-C066DD417C4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise."}, {"lang": "es", "value": "El router Ruijie RG-NBR700GW 10.3(4b12) carece de verificaci\u00f3n de cookies al restablecer la contrase\u00f1a, lo que genera una vulnerabilidad de restablecimiento de contrase\u00f1a de administrador. Un atacante puede utilizar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo e interrumpir el negocio de la empresa."}], "id": "CVE-2024-28288", "lastModified": "2025-06-30T12:47:33.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-30T01:15:47.003", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-565"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}