CVE-2026-14736

Ruijie · RG-UAC

Ruijie RG-UAC contains vulnerabilities related to unrestricted file uploads and improper access controls, potentially allowing unauthorized system interaction.

Executive summary

The Ruijie RG-UAC gateway is susceptible to critical access control and file upload vulnerabilities that could allow an unauthenticated attacker to compromise system integrity.

Vulnerability

This vulnerability involves CWE-434 (Unrestricted Upload) and CWE-284 (Improper Access Control). These flaws permit an unauthenticated remote attacker to bypass security mechanisms and potentially upload arbitrary files to the appliance.

Business impact

The ability to perform unauthorized file uploads on a network gateway poses a severe risk to organizational security. A successful exploit could lead to full system compromise, unauthorized network access, or the deployment of persistent backdoors. Given the CVSS score of 7.3, this is considered a high-severity issue that requires immediate attention to prevent data exfiltration and network disruption.

Remediation

Immediate Action: Contact Ruijie support or monitor the official vendor portal for a security patch addressing these specific CWEs.

Proactive Monitoring: Inspect system logs for unusual file upload activity or unauthorized configuration changes within the RG-UAC management interface.

Compensating Controls: Implement strict network segmentation and ensure the management interface of the RG-UAC is not exposed to the public internet.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations utilizing Ruijie RG-UAC should prioritize restricting access to the management console to authorized internal networks only. Until a formal vendor patch is released, treat this device as a high-risk asset and apply all available hardening measures to mitigate the risk of unauthorized file execution.