Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
History

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie rg-est300
Vendors & Products Ruijie
Ruijie rg-est300

Thu, 16 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Oct 2025 06:15:00 +0000

Type Values Removed Values Added
Description Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
Weaknesses CWE-912
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2025-10-16T06:04:43.115Z

Updated: 2025-10-16T14:31:05.215Z

Reserved: 2025-09-05T03:22:34.671Z

Link: CVE-2025-58778

cve-icon Vulnrichment

Updated: 2025-10-16T14:31:01.721Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-16T06:15:37.533

Modified: 2025-10-16T15:28:59.610

Link: CVE-2025-58778

cve-icon Redhat

No data.