Home

Description

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC.

PUBLISHED Reserved 2025-11-24 | Published 2025-11-24 | Updated 2025-11-25 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unknown

Any version
affected

Timeline

2023-01-01:Vulnerability is publicly disclosed in 2023

References

github.com/...nerabilities/ruijie/ruijie-nbr-fileupload.yaml exploit

cn-sec.com/archives/1995366.html exploit

www.cnblogs.com/Domren/articles/19093295 exploit

rfk0z.github.io/...-php-arbitrary-file-upload-vulnerability/ exploit

www.vulncheck.com/...arbitrary-file-upload-via-fileuploadphp third-party-advisory

cve.org (CVE-2023-7330)

nvd.nist.gov (CVE-2023-7330)

Download JSON