A critical authentication bypass vulnerability has been identified in certain Ruijie network switches. This flaw allows a remote, unauthenticated attacker to gain complete administrative control over affected devices, posing a severe risk of network disruption, configuration changes, and data interception.

This is a remote authentication bypass vulnerability. An unauthenticated attacker can exploit a flaw in the device's authentication mechanism, likely via a specially crafted network request to the management interface, to gain full administrative privileges without providing valid credentials. Successful exploitation grants the attacker the same level of access as a legitimate administrator, allowing them to view and modify the device's entire configuration, monitor network traffic, and disable security features.

This vulnerability is rated as critical severity with a CVSS score of 9.4. Exploitation could have a significant business impact, leading to a complete compromise of the network segment managed by the affected switch. An attacker with administrative control could re-route, intercept, or drop network traffic, causing widespread service outages (Denial of Service). Furthermore, the attacker could capture sensitive data, alter network configurations to enable further attacks (lateral movement), or install persistent backdoors, severely impacting data confidentiality, integrity, and availability.

Immediate Action: The primary remediation is to apply the vendor-supplied security patches immediately. Organizations should update the firmware on all affected Ruijie products to the latest version as recommended by the vendor. After patching, administrators should review access logs for any signs of unauthorized access or configuration changes that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring of all affected network devices. Security teams should configure alerts and review logs for any unusual administrative login attempts, particularly from untrusted or internal IP addresses that do not belong to network administrators. Monitor for unexpected configuration changes, the creation of new user accounts, or abnormal traffic patterns originating from the switch's management interface.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. Restrict network access to the switch's management interface using strict Access Control Lists (ACLs) or firewall rules, ensuring it is only accessible from a dedicated and secured management VLAN or specific trusted IP addresses. Disable management access from the public internet or any untrusted network segments.

Public Exploit Available: false

Given the critical CVSS score of 9.4 and the potential for complete network compromise, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-provided firmware updates to all affected Ruijie devices. While this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime candidate for future inclusion. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a matter of urgency to limit the attack surface.