CVE-2025-11141 | Ruijie NBR2100G-E up to 20250919 branch_passw.php?a=list listAction city os command injection

A vulnerability has been found in Ruijie NBR2100G-E up to 20250919 and classified as critical. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of the argument city results in os command injection.

This vulnerability is reported as CVE-2025-11141. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More