CVE-2025-56114

CVE-2025-56114 is an OS Command Injection vulnerability (CWE-78) affecting the Ruijie M18 device running firmware version EW_3.0(1)B11P226_M18_10223116. The flaw resides in the module_set function within the file /usr/local/lua/dev_config/config_retain.lua, where insufficient input validation allows attackers to inject and execute arbitrary operating system commands through a specially crafted POST request. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility and potential for significant impact.

An attacker with low privileges (PR:L), such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending a malicious POST request to the vulnerable endpoint, the attacker can execute arbitrary commands on the underlying operating system, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability.

Mitigation details and further technical analysis are documented in vendor advisories and independent reports available at the following references: https://1drv.ms/f/c/12406a392c92914b/EmXarTTNPwFHjk8lLwQIqj8Ba9nlq-owLMBtEKpBwMrn5A?e=vvi2dM, https://1drv.ms/t/c/12406a392c92914b/EWfEhLkTSblOur72XhaQ7W4BsxQ1IWXZ-Wkcv9WC7AYb-g?e=LpMdqT, and https://github.com/flegoity/Ruijie-Multiple-Devices-Vulnerability-Reports-for-CVE/blob/main/CVE-2025-56114.md. Security practitioners should consult these for patch availability, workaround guidance, and affected version confirmation.