File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 锐捷 RG-UAC 统一上网行为管理审计系统存在账号密码信息泄露漏洞。该系统某接口未做权限校验,远程攻击者无需认证即可直接访问该接口,获取返回的 JSON 数据中 super_admin 管理员账号与密码信息,进而登录后台获取系统控制权。攻击者可通过构造特制 HTTP GET 请求触发漏洞,利用难度低,无需交互,影响 RG-UAC 全系列受影响版本。"
3+ published = " 2021-02-26"
4+ remediation = " 联系锐捷官方获取修复该漏洞的最新 RG-UAC 固件版本并升级;如无法立即升级,应在边界防火墙上限制仅允许可信管理 IP 访问 RG-UAC 的 Web 管理端口(默认 443/80),同时修改默认 super_admin 密码并开启双因素认证作为临时缓解措施。"
5+ score = 5.0
6+ severity = " MEDIUM"
7+ sources = [" nuclei" ]
8+ title = " 锐捷 RG-UAC 统一上网行为管理审计系统账号密码信息泄露漏洞"
9+ updated = " 2021-02-26"
10+
11+ [exploit ]
12+ exp_urls = []
13+ poc_urls = [" https://github.com/S1xHcL/CNVD-2021-14536" ]
14+
15+ [id ]
16+ aliases = [
17+ " NUCLEI-HTTP-CNVD-2021-CNVD-2021-14536-YAML" ,
18+ " CNVD-2021-14536" ,
19+ ]
20+ ave_id = " AVE-2021-0004"
21+
22+ [meta ]
23+ collected_at = " 2026-07-14T00:00:00Z"
24+ status = " completed"
25+
26+ [references ]
27+ urls = [
28+ " https://github.com/1n7erface/PocList" ,
29+ " https://github.com/S1xHcL/CNVD-2021-14536" ,
30+ ]
You can’t perform that action at this time.
0 commit comments