CVE 6.3 MEDIUM

Ruijie EG306MG strongSwan strongswan.conf missing encryption_CVE-2025-8763

August 9, 2025 invoker category_cve
6.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

A vulnerability in Ruijie EG306MG's strongSwan component allows remote attackers to access sensitive data due to missing encryption. The issue is difficult to exploit but could lead to significant security breaches. The CVSS score is 6.3, indicating a medium severity.

Basic Information

ID CVE-2025-8763
Source VulDB
Published Aug 9, 2025 at 18:02

Affected Product

Vendor Ruijie
Product EG306MG
Version 3.0(1)B11P309
Affected Versions Ruijie EG306MG 3.0(1)B11P309

CWE Classification

CWE-311 CWE-310

AI Assessment

AI Severity Medium
Vendor Ruijie
Product Ruijie EG306MG
Version 3.0(1)B11P309

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.