CVE-2025-58778_CVE-2025-58778

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.

Basic Information

ID CVE-2025-58778

Source jpcert

Published Oct 16, 2025 at 06:04

Affected Product

Vendor Ruijie Networks Co., Ltd.

Product RG-EST300

Version AP_3.0(1)B2P18_EST300_06210514

Affected Versions Ruijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P18_EST300_06210514
Ruijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P10_EST300_06151523
Ruijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P10_EST300_05232216
Ruijie Networks Co., Ltd. RG-EST300 and AP_3.0(1)B2P10_EST300_05220814

CWE Classification

CWE-912

References

{
    "lastseen": "",
    "description": "Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.",
    "published": "2025-10-16T06:04:43.115Z",
    "modified": "2025-10-16T06:04:43.115Z",
    "type": "cve",
    "title": "CVE-2025-58778",
    "source": "jpcert",
    "references": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/\nhttps://www.ruijie.com/en-global/support/productLifecycle\nhttps://jvn.jp/en/jp/JVN72648885/",
    "id": "CVE-2025-58778",
    "bulletinFamily": "",
    "cwe": [
        "CWE-912"
    ],
    "cvelist": null,
    "sourceData": "Ruijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P18_EST300_06210514\nRuijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P10_EST300_06151523\nRuijie Networks Co., Ltd. RG-EST300 AP_3.0(1)B2P10_EST300_05232216\nRuijie Networks Co., Ltd. RG-EST300 and AP_3.0(1)B2P10_EST300_05220814",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RG-EST300",
    "version": "AP_3.0(1)B2P18_EST300_06210514",
    "vendor": "Ruijie Networks Co., Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}