CVE-2025-56087

CVE-2025-56087 is an OS command injection vulnerability (CWE-78) affecting the Ruijie RG-BCR RG-BCR600W device. The flaw resides in the run_tcpdump function within the file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua, where attackers can execute arbitrary operating system commands by sending a crafted POST request. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by low-privileged remote attackers with network access to the device. An attacker with basic authenticated access (PR:L) can craft and submit a malicious POST request to the affected endpoint, leading to arbitrary command execution on the underlying operating system. Successful exploitation grants high-level control over the device, potentially allowing full compromise including data exfiltration, modification of configurations, or disruption of services.

Advisories and detailed reports are available in the provided references, including vulnerability analyses hosted on OneDrive and a GitHub repository at https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56087.md, which may outline mitigation strategies such as applying vendor patches, restricting administrative access, or disabling the tcpdump functionality. Security practitioners should consult these sources for specific remediation guidance.