CVE-2025-58778

Summary

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.

Affected Software

VendorProductVersion RangeStatus
Ruijie Networks Co., Ltd.RG-EST300AP_3.0(1)B2P18_EST300_06210514affected
Ruijie Networks Co., Ltd.RG-EST300AP_3.0(1)B2P10_EST300_06151523affected
Ruijie Networks Co., Ltd.RG-EST300AP_3.0(1)B2P10_EST300_05232216affected
Ruijie Networks Co., Ltd.RG-EST300and AP_3.0(1)B2P10_EST300_05220814affected

Weaknesses

  • CWE-912: Hidden functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References