CVE-2026-12197 | A security flaw has been discovered in Ruijie EG105G-P 2.340… | CVSS 7.2 HIGH

Description

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12197
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-14 07:02 UTC
Published: 2026-06-14 23:45 UTC
Last updated: 2026-06-14 23:45 UTC
Primary CWE: CWE-77
Command Injection
Vendor / Product: Ruijie / EG105G-P
Sources: cve.org · NVD

Severity & Metrics

7.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
Ruijie	EG105G-P	—	2.340

Weakness (CWE)

CWE	Source	Description
CWE-74	cna	Injection
CWE-77	cna	Command Injection

CVSS scores (4)

Score	Severity	Version	Source	Vector
8.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
8.3	N/D	2.0	cna	AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
7.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
7.2	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

References (5)

VDB-370840 | Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection https://vuldb.com/vuln/370840
VDB-370840 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/370840/cti
CVE-2026-12197 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12197
Submit #829253 | Ruijie EG105G-P 1.40 Command Injection https://vuldb.com/submit/829253
https://github.com/ictrun/java/issues/6