CVE-2025-58778

7.2 HIGH

📋 TL;DR

This vulnerability affects Ruijie Networks RG-EST300 devices where SSH server functionality is enabled by default without documentation. Attackers with knowledge of default or leaked credentials can gain unauthorized access, potentially leading to information disclosure, configuration changes, or denial of service. Organizations using affected RG-EST300 devices are at risk.

💻 Affected Systems

Products:
  • Ruijie Networks RG-EST300
Versions: Multiple unspecified versions
Operating Systems: Embedded network device OS
Default Config Vulnerable: ⚠️ Yes
Notes: SSH server is enabled in initial configuration without documentation in the manual. The vulnerability requires knowledge of credentials to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise allowing attackers to steal sensitive data, reconfigure network settings, deploy malware, or render the device completely inoperable.

🟠 Likely Case

Unauthorized access leading to information disclosure about network configurations and potential configuration changes disrupting network operations.

🟢 If Mitigated

Limited impact if strong authentication controls, network segmentation, and monitoring are implemented to detect and prevent unauthorized access attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires credential knowledge but is straightforward once credentials are obtained. Default or weak credentials increase exploit likelihood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848/

Restart Required: Yes

Instructions:

  1. Check Ruijie Networks advisory for specific patched versions.
  2. Download firmware update from vendor portal.
  3. Backup current configuration.
  4. Apply firmware update following vendor instructions.
  5. Verify SSH is properly configured post-update.

🔧 Temporary Workarounds

Disable SSH Server

all

Disable SSH server functionality if not required for operations

configure terminal
no ip ssh server enable
write memory

Change Default Credentials

all

Immediately change any default or weak credentials to strong, unique passwords

configure terminal
username admin secret <strong-password>
write memory

🧯 If You Can't Patch

  • Implement network access controls to restrict SSH access to authorized management networks only
  • Enable logging and monitoring for SSH authentication attempts and alert on failed logins

🔍 How to Verify

Check if Vulnerable:

Check whether the SSH server is enabled on RG-EST300 devices using the 'show ip ssh' command, and verify whether default or weak credentials are in use.

Check Version:

show version

Verify Fix Applied:

After patching, verify SSH server configuration and test authentication with updated credentials. Check device logs for unauthorized access attempts.

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH authentication attempts
  • Successful SSH logins from unexpected sources
  • Configuration changes via SSH sessions

Network Indicators:

  • SSH connections to RG-EST300 devices from unauthorized IP addresses
  • Unusual SSH traffic patterns

SIEM Query:

source="RG-EST300" AND (event_type="ssh_login" OR event_type="ssh_failed")
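
The log indicators above, as an added example that is not part of the original page and is not vendor code: it flags failed-login bursts, logins from outside the management network, and a login that follows a burst. It assumes events are already normalised to the event_type values used in the SIEM query; the ts and src_ip field names, the management subnet, and the thresholds are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: subnets that are allowed to reach SSH on the devices.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FAIL_THRESHOLD = 5     # failures from one source before alerting
WINDOW_SECONDS = 300   # sliding window for counting failures

# Constructed sample events. event_type values come from the page's SIEM
# query; "ts" (seconds) and "src_ip" are assumed field names.
SAMPLE_EVENTS = (
    [{"ts": 0, "event_type": "ssh_login", "src_ip": "10.20.0.15"}]
    + [{"ts": t, "event_type": "ssh_failed", "src_ip": "198.51.100.7"}
       for t in (10, 20, 30, 40, 50)]
    + [{"ts": 70, "event_type": "ssh_login", "src_ip": "198.51.100.7"},
       {"ts": 400, "event_type": "ssh_failed", "src_ip": "10.20.0.15"}]
)


def is_managed(ip):
    """True if ip belongs to an authorised management subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def detect(events):
    """Return (ts, rule, src_ip) alerts for the listed log indicators."""
    alerts = []
    recent_fails = defaultdict(list)  # src_ip -> failure timestamps in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts = ev["src_ip"], ev["ts"]
        # Drop failures that have aged out of the sliding window.
        fails = [t for t in recent_fails[src] if ts - t <= WINDOW_SECONDS]
        if ev["event_type"] == "ssh_failed":
            fails.append(ts)
            if len(fails) == FAIL_THRESHOLD:  # fire once per burst
                alerts.append((ts, "failed_login_burst", src))
        elif ev["event_type"] == "ssh_login":
            if not is_managed(src):
                alerts.append((ts, "login_from_unexpected_source", src))
            if len(fails) >= FAIL_THRESHOLD:
                alerts.append((ts, "login_after_failed_burst", src))
            fails = []  # a successful login resets the failure count
        recent_fails[src] = fails
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A login that follows a failure burst from the same source is the highest-priority alert of the three, since it suggests the credentials in use were guessed or already known.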
