CVE-2024-2642 – This critical vulnerability in Ruijie RG-NBS200... (How to Fix)

Q: What is the severity of CVE-2024-2642?

CVE-2024-2642 has a CVSS score of 7.3 (HIGH). This critical vulnerability in Ruijie RG-NBS2009G-P network switches allows remote attackers to execute arbitrary commands via command injection in the /EXCU_SHELL file's Command1 parameter. Attackers can gain full control of affected switches, potentially compromising entire network segments. Organizations using these switches up to March 5, 2024 are at risk.

📋 TL;DR

This critical vulnerability in Ruijie RG-NBS2009G-P network switches allows remote attackers to execute arbitrary commands via command injection in the /EXCU_SHELL file's Command1 parameter. Attackers can gain full control of affected switches, potentially compromising entire network segments. Organizations using these switches up to March 5, 2024 are at risk.

💻 Affected Systems

Products:

Ruijie RG-NBS2009G-P

Versions: All versions up to 20240305

Operating Systems: Embedded switch firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with the vulnerable firmware version are affected. The vulnerability exists in the foreground CLI functionality.

📦 What is this software?

Rg Nbs2009g P Firmware by Ruijie

View all CVEs affecting Rg Nbs2009g P Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network compromise allowing attackers to intercept all traffic, deploy ransomware, pivot to other systems, and cause permanent network disruption.

🟠

Likely Case

Unauthorized access to switch configuration, traffic interception, network disruption, and lateral movement to connected systems.

🟢

If Mitigated

Limited impact if switches are isolated in management VLANs with strict access controls, though command injection could still affect switch functionality.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in PDF format. The vulnerability requires network access to the switch's management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact Ruijie support for firmware updates. Consider replacing affected switches if no patch is forthcoming.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate switch management interfaces in dedicated VLAN with strict access controls

Access Control Lists

all

Implement strict ACLs to limit access to switch management interfaces

access-list 100 deny ip any any

🧯 If You Can't Patch

Immediately isolate affected switches from internet and critical network segments
Implement network monitoring for suspicious traffic to/from switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Check switch firmware version via CLI: show version. If version is 20240305 or earlier, the device is vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify firmware has been updated beyond 20240305 version. Test command injection attempts should fail.

📡 Detection & Monitoring

Log Indicators:

Unusual CLI commands in system logs
Multiple failed authentication attempts followed by successful access
Commands containing shell metacharacters in EXCU_SHELL access logs

Network Indicators:

Unusual traffic patterns from switch management interfaces
Unexpected outbound connections from switches
Traffic containing command injection payloads

SIEM Query:

source="switch_logs" AND ("EXCU_SHELL" OR "Command1") AND ("|" OR ";" OR "$" OR "`")

📊 Metadata

CVE ID: CVE-2024-2642

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-77

Published: March 19, 2024

Last Updated: August 21, 2025

🔗 References

https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf Broken Link
https://vuldb.com/?ctiid.257281 Permissions Required,VDB Entry
https://vuldb.com/?id.257281 Third Party Advisory,VDB Entry
https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf Broken Link
https://vuldb.com/?ctiid.257281 Permissions Required,VDB Entry
https://vuldb.com/?id.257281 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2642, you might also want to check these: